Default to mcrypt.

This will be the least incompatible change for users who have both
openssl and mcrypt installed. Encrypted data from old mcrypt cannot be
decrypted with openssl as the padding scheme is incorrect (null bytes
instead of PKCS#7).

src/Utility/Security.php

@@ -105,10 +105,10 @@ class Security {
  */
 	public static function engine($instance = null) {
 		if ($instance === null && static::$_instance === null) {
-			if (extension_loaded('openssl')) {
-				$instance = new Openssl();
-			} elseif (extension_loaded('mcrypt')) {
+			if (extension_loaded('mcrypt')) {
 				$instance = new Mcrypt();
+			} elseif (extension_loaded('openssl')) {
+				$instance = new Openssl();
 			}
 		}
 		if ($instance) {