Bridges should be able to disable v1 and v2 link handshakes
There is no point in implementing scanning resistance and all that fancy stuff, if censors can make a bridge perform the fingerprintable v1/v2 link handshakes by adding a few ciphers to ClientHello, or renegotiating right after TLS.
There should be a way to disable v1 and v2 link handshakes before we implement scanning resistance stuff.