Security in software defined network
US-2017324781-A1 · Nov 9, 2017 · US
US10020941B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10020941-B2 |
| Application number | US-201514944151-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 17, 2015 |
| Priority date | Sep 30, 2015 |
| Publication date | Jul 10, 2018 |
| Grant date | Jul 10, 2018 |
Official abstract text for this publication.
Techniques related to virtual encryption patching are described. A security gateway includes multiple Transport Layer Security Implementations (TLSI) that can be used for creating secure communications channels to carry application-layer traffic between one or more clients and one or more server applications. In some embodiments, upon determining that one of the multiple TLSIs contains a security vulnerability, that TLSI can be disabled, leaving one or more others of the multiple TLSIs enabled and available to be used to carry traffic of new connections between the clients and server applications.
Opening claim text (preview).
What is claimed is:

1. A method in a security gateway for protecting one or more server applications from transport layer security implementation vulnerabilities, wherein the security gateway is communicatively coupled between a plurality of client end stations and the one or more server applications to communicate application layer data between them, and wherein the security gateway is configured to communicate the application layer data with the plurality of client end stations through network connections that terminate at the security gateway, the method comprising: selecting, at the security gateway while a plurality of transport layer security implementations (TLSIs) within the security gateway are enabled, different ones of the plurality of TLSIs to be utilized for different ones of new network connections being established between the plurality of client end stations and the security gateway, wherein each of the new network connections is being established between one of the plurality of client end stations and the security gateway for the purpose of communicating application layer data between that client end station and one of the server applications; receiving, at the security gateway, a first TLSI control message indicating that a first TLSI of the plurality of TLSIs is to be disabled and thus no longer be eligible to be selected to be utilized for new network connections, leaving a set of one or more others of the plurality of TLSIs still enabled, wherein the first TLSI has a vulnerability not shared by the set of one or more others of the plurality of TLSIs due to their different implementations; selecting, at the security gateway, for each new network connection being established between one of the plurality of client end stations and the security gateway while the first TLSI is disabled, one of the TLSIs from the set of the TLSIs that are still enabled to be utilized for the new network connection; receiving, at the security gateway, a patch for the first TLSI while it is disabled; and enabling, at the security gateway after the first TLSI has been disabled and after the patch has been applied, the first TLSI.
2. The method of claim 1, wherein: the first TLSI control message includes an enablement condition; and the enabling of the first TLSI occurs responsive to determining that the enablement condition has been met.
3. The method of claim 2, wherein: the enablement condition comprises a software version identifier of the first TLSI; and the determining that the enablement condition has been met comprises determining, after the patch has been applied, that a current version identifier of the first TLSI is greater than or equal to the software version identifier of the enablement condition.
4. The method of claim 1, wherein: before the receiving of the first TLSI control message indicating that the first TLSI is to be disabled, the selecting includes selecting the first TLSI for a first of the new network connections that is with a first client end station of the plurality of client end stations; and the method further comprises, after the receipt of the first TLSI control message and after the first TLSI is disabled, continuing to utilize the first TLSI for the first new network connection.
5. The method of claim 4, wherein the selecting includes: selecting, while the first TLSI is disabled, a second TLSI of the set of the TLSIs that are still enabled for a second of the new network connections that is with the first client end station.
6. The method of claim 1, wherein: before the receipt of the first TLSI control message indicating that the first TLSI is to be disabled, the selecting includes selecting the first TLSI for a first of the new network connections that is with a first client end station of the plurality of client end stations; and wherein the method further comprises, after the receipt of the first TLSI control message, causing the first new network connection to be terminated.
7. The method of claim 1, wherein the selecting of the different ones of the plurality of TLSIs to be utilized for the different ones of the new connections is based upon weights assigned to the plurality of TLSIs.
8. The method of claim 1, wherein the selecting of the different ones of the plurality of TLSIs to be utilized for the different ones of the new connections is based upon network attributes from packets of the new connections.
9. The method of claim 1, wherein the security gateway acts as a transparent proxy between the plurality of client end stations and the one or more server applications.
10. The method of claim 1, wherein the security gateway acts as a reverse proxy between the plurality of client end stations and the one or more server applications.
11. The method of claim 1, further comprising: issuing, for packets received over the new network connections from the plurality of client end stations, Application Programming Interface (API) calls to the plurality of TLSIs according to the selections.
12. The method of claim 1, wherein each of the plurality of TLSIs is utilized to implement a transport layer security protocol by a corresponding standalone processing module that implements a transport layer protocol, and wherein the method further comprises: providing, for packets received over the new network connections from the plurality of client end stations, the packets via an Inter-Process Communication (IPC) communication mechanism to the standalone processing modules according to the selections.
13. The method of claim 1, wherein each of the plurality of TLSIs is utilized to implement a transport layer security protocol by a corresponding standalone processing module that implements a transport layer protocol, wherein each of the standalone processing modules is bound to a different port, and wherein the method further comprises: modifying transport layer destination port header field values of packets received over the new network connections from the plurality of client end stations to reference the different ports according to the selections; and sending the modified packets to the plurality of standalone processing modules according to the modified different ports.
14. The method of claim 1, wherein each of the plurality of TLSIs is utilized to implement a transport layer security protocol by a corresponding standalone processing module that implements a transport layer protocol, wherein each of the standalone processing modules is bound to a different Internet Protocol (IP) address, and wherein the method further comprises: modifying Internet layer destination address header field values of packets received over the new network connections from the plurality of client end stations to reference the different IP addresses according to the selections; and sending the modified packets to the plurality of standalone processing modules according to the different IP addresses.
15. A non-transitory computer readable medium storing instructions which, when executed by one or more processors of an electronic device, cause the electronic device to implement a security gateway that protects one or more server applications from transport layer security implementation vulnerabilities by performing operations, wherein the security gateway is to be communicatively coupled between a plurality of client end stations and the one or more server applications to communicate application layer data between them, and wherein the security gateway is configured to communicate the application layer data with the plurality of client end stations through network connections that terminat
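A small model of the mechanism claims 1-5 and 7 describe, written as an added illustration (it is not code from the patent or from any product): a pool of TLS implementations selected per new connection by weight, a control message that stops one implementation from being chosen while existing connections keep using it, and re-enablement only once a patch brings its version up to the enablement condition. Names, weights and version tuples are constructed for the example.

```python
"""Toy security-gateway TLSI pool (constructed example, not the patent's code)."""
import random


class TLSI:
    """One TLS implementation in the gateway's pool."""
    def __init__(self, name, version, weight):
        self.name, self.version, self.weight = name, version, weight
        self.enabled = True
        self.min_version = None  # enablement condition from a control message


class Gateway:
    def __init__(self, tlsis, seed=0):
        self.tlsis = {t.name: t for t in tlsis}
        self.connections = {}  # conn_id -> TLSI that carries it
        self.rng = random.Random(seed)  # fixed seed keeps the example reproducible

    def eligible(self):
        return [t for t in self.tlsis.values() if t.enabled]

    def new_connection(self, conn_id):
        # Weighted choice among *enabled* TLSIs only (claims 1 and 7).
        pool = self.eligible()
        if not pool:
            raise RuntimeError("no enabled TLSI; refuse the new connection")
        chosen = self.rng.choices(pool, weights=[t.weight for t in pool])[0]
        self.connections[conn_id] = chosen
        return chosen.name

    def disable(self, name, min_version):
        # TLSI control message: the named TLSI is no longer selectable for new
        # connections; connections already using it are left alone (claim 4).
        t = self.tlsis[name]
        t.enabled, t.min_version = False, min_version

    def apply_patch(self, name, new_version):
        # A patch arrives while the TLSI is disabled. It is re-enabled only when
        # its version is >= the version named in the control message (claims 2-3).
        t = self.tlsis[name]
        t.version = new_version
        if t.min_version is not None and t.version >= t.min_version:
            t.enabled, t.min_version = True, None
        return t.enabled


def carrier_of(gw, conn_id):
    """Name of the TLSI currently carrying an established connection."""
    return gw.connections[conn_id].name
```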
CPC classification titles:

- at the network layer
- including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}
- Proxies
- Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- Vulnerability analysis