Support compilation against libssl built with OPENSSL_NO_SSL3,

and change the compiled-in default for SSL[Proxy]Protocol to "all -SSLv3", in accordance with RFC 7568. PR 58349, PR 57120. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1703952 13f79535-47bb-0310-9956-ffa450edef68
2025-08-07 04:02:58 +03:00 · 2015-09-19 08:40:56 +00:00
parent fab37e8e26
commit 4c9b3c3b35
8 changed files with 61 additions and 13 deletions
--- a/modules/ssl/mod_ssl.c
+++ b/modules/ssl/mod_ssl.c
@@ -135,10 +135,15 @@ static const command_rec ssl_config_cmds[] = {
    SSL_CMD_SRV(SessionCacheTimeout, TAKE1,
                "SSL Session Cache object lifetime "
                "('N' - number of seconds)")
-#ifdef HAVE_TLSV1_X
-#define SSL_PROTOCOLS "SSLv3|TLSv1|TLSv1.1|TLSv1.2"
+#ifdef OPENSSL_NO_SSL3
+#define SSLv3_PROTO_PREFIX ""
 #else
-#define SSL_PROTOCOLS "SSLv3|TLSv1"
+#define SSLv3_PROTO_PREFIX "SSLv3|"
+#endif
+#ifdef HAVE_TLSV1_X
+#define SSL_PROTOCOLS SSLv3_PROTO_PREFIX "TLSv1|TLSv1.1|TLSv1.2"
+#else
+#define SSL_PROTOCOLS SSLv3_PROTO_PREFIX "TLSv1"
 #endif
    SSL_CMD_SRV(Protocol, RAW_ARGS,
                "Enable or disable various SSL protocols "