On the trunk:

mod_ssl: proper checks for libressl 2.07/8 and its TLSv1_3 support, see PR 62236. [Bernard Spil <brnrd@freebsd.org>] git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828222 13f79535-47bb-0310-9956-ffa450edef68
2025-08-08 15:02:10 +03:00 · 2018-04-03 12:19:28 +00:00
parent afba88ef3d
commit c9e9ecff20
5 changed files with 17 additions and 10 deletions
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -542,7 +542,8 @@ static apr_status_t ssl_init_ctx_tls_extensions(server_rec *s,
 }
 #endif

-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
 /*
 * Enable/disable SSLProtocol. If the mod_ssl enables protocol
 * which is disabled by default by OpenSSL, show a warning.
@@ -660,7 +661,8 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s,

    SSL_CTX_set_options(ctx, SSL_OP_ALL);

-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L  || \
+	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
    /* always disable SSLv2, as per RFC 6176 */
    SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);