diff --git a/changes-entries/ssl_prot.txt b/changes-entries/ssl_prot.txt
new file mode 100644
index 0000000000..788fc2a368
--- /dev/null
+++ b/changes-entries/ssl_prot.txt
@@ -0,0 +1,5 @@
+
+  *) mod_ssl: Remove warning over potential uninitialised value
+     for ssl protocol prior to protocol selection.
+     [Graham Leggett]
+
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 33ef4c4d7b..86c8e32357 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -664,7 +664,12 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,
     SSLSrvConfigRec *sc = mySrvConfig(s);
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L  && \
 	(!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x20800000L)
-    int prot;
+    /* default is highest supported version, will be overridden below */
+#if SSL_HAVE_PROTOCOL_TLSV1_3 
+    int prot = TLS1_3_VERSION;
+#else
+    int prot = TLS1_2_VERSION;
+#endif
 #endif
 
     /*