Fix undefined vs empty confusion for tls_cipher_suite

The documentation refers to tls_cipher_suite being empty in order
to use the default parameters, not undefined.

However, configuring an empty set of cipher suites did just that:
no cipher suites could be used, which is not very useful.

Fix the documentation: in order to use the default suites, the
parameter must be undefined, not empty.

And in code, make an empty set equivalent to the parameter being
undefined.
Frank Denis 2025-01-26 23:18:03 +01:00
parent eb2c1dc6b3
commit 3b75a4c6ac
2 changed files with 5 additions and 4 deletions

@ -223,9 +223,9 @@ cert_refresh_delay = 240
## On non-Intel CPUs such as MIPS routers and ARM systems (Android, Raspberry Pi...),
## the following suite improves performance.
## This may also help on Intel CPUs running 32-bit operating systems.
## However, this can cause issues fetching sources or connecting to some HTTP servers.
##
## Keep tls_cipher_suite empty if you have issues fetching sources or
## connecting to some DoH servers.
## Keep tls_cipher_suite undefined to let the app automatically choose secure parameters
# tls_cipher_suite = [52392, 49199]
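Review bot: The comment line "Keep tls_cipher_suite undefined to let the app automatically choose secure parameters" does not say what "undefined" means in this file, nor that an empty list is also accepted. The code hunk in this commit treats a zero-length tlsCipherSuite as no override, so the comment could read "Keep tls_cipher_suite commented out (or set it to an empty list) to let the app automatically choose secure parameters". A user who writes `tls_cipher_suite = []` would then know they get the defaults rather than no usable suites.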

@ -217,12 +217,13 @@ func (xTransport *XTransport) rebuildTransport() {
tlsClientConfig.Certificates = []tls.Certificate{cert}
}
if xTransport.tlsDisableSessionTickets || xTransport.tlsCipherSuite != nil {
overrideCipherSuite := xTransport.tlsCipherSuite != nil && len(xTransport.tlsCipherSuite) > 0
if xTransport.tlsDisableSessionTickets || overrideCipherSuite {
tlsClientConfig.SessionTicketsDisabled = xTransport.tlsDisableSessionTickets
if !xTransport.tlsDisableSessionTickets {
tlsClientConfig.ClientSessionCache = tls.NewLRUClientSessionCache(10)
}
if xTransport.tlsCipherSuite != nil {
if overrideCipherSuite {
tlsClientConfig.PreferServerCipherSuites = false
tlsClientConfig.CipherSuites = xTransport.tlsCipherSuite
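Review bot: In `overrideCipherSuite := xTransport.tlsCipherSuite != nil && len(xTransport.tlsCipherSuite) > 0`, the nil comparison is redundant, because len of a nil slice is 0 in Go; `len(xTransport.tlsCipherSuite) > 0` alone covers both the undefined and the empty case. A short comment above that line would also help, stating that an empty list deliberately falls back to the default suites, since the commit message notes that assigning an empty set to tlsClientConfig.CipherSuites left no suite usable.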