On the trunk:
authorStefan Eissing <icing@apache.org>
Wed, 16 Aug 2017 12:43:41 +0000 (12:43 +0000)
committerStefan Eissing <icing@apache.org>
Wed, 16 Aug 2017 12:43:41 +0000 (12:43 +0000)
mod_ssl: do not use the SSLV3 constant, which defines what we mean by SSL version 3, if OpenSSL does not know about SSL version 3. In that case we pretend not to know about it either.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805186 13f79535-47bb-0310-9956-ffa450edef68

modules/ssl/ssl_engine_config.c

index eea424e688d0b4ecc840f264870f4b9150d674b9..7b1c778d884378302d80ed01a0ca535bc36d1c0a 100644 (file)
@@ -520,6 +520,12 @@ void ssl_config_proxy_merge(apr_pool_t *p,
 
 #define SSL_MOD_POLICIES_KEY "ssl_module_policies"
 
+#ifndef OPENSSL_NO_SSL3
+#define STUPID_PROTOCOL_CONSTANTS_SSLV3      SSL_PROTOCOL_SSLV3
+#else
+#define STUPID_PROTOCOL_CONSTANTS_SSLV3      0
+#endif
+
 /**
  * Define a core set of policies that are always there:
  * - 'modern' from https://wiki.mozilla.org/Security/Server_Side_TLS
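Review bot: The name `STUPID_PROTOCOL_CONSTANTS_SSLV3` added at the top of this hunk does not say what the macro is for, and the `#else` branch has no comment explaining why the SSLv3 bit becomes 0. A name tied to its use, e.g. `SSL_POLICY_PROTOCOL_SSLV3` (with the two uses further down in this file renamed to match), plus a comment such as `/* SSLv3 bit for the policy masks; 0 when OpenSSL is built without SSLv3 */` would make the intent clear to whoever next audits the protocol policies. The doc comment that follows the new block continues outside the hunk.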
@@ -529,7 +535,7 @@ void ssl_config_proxy_merge(apr_pool_t *p,
 #ifdef HAVE_TLSV1_X
     /* Only with OpenSSL > v1.0.2 do we have a chance to implement modern */
 #define SSL_POLICY_LEGACY_PROTOCOLS  \
-    (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1)
+    (STUPID_PROTOCOL_CONSTANTS_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1)
 
 #define SSL_POLICY_MODERN_PROTOCOLS  \
     (SSL_PROTOCOL_ALL & ~SSL_POLICY_LEGACY_PROTOCOLS)
@@ -542,7 +548,8 @@ void ssl_config_proxy_merge(apr_pool_t *p,
 #endif
     
 #define SSL_POLICY_INTERMEDIATE_PROTOCOLS \
-    (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
+    (SSL_PROTOCOL_ALL & ~STUPID_PROTOCOL_CONSTANTS_SSLV3)
+    
 #define SSL_POLICY_INTERMEDIATE_CIPHERS \
     "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:" \
     "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:" \
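Review bot: In `SSL_POLICY_INTERMEDIATE_PROTOCOLS`, when `OPENSSL_NO_SSL3` is defined the expression becomes `SSL_PROTOCOL_ALL & ~0`, so nothing is stripped and the exclusion of SSLv3 rests entirely on `SSL_PROTOCOL_ALL`, which is defined outside this diff. That is presumably fine if `SSL_PROTOCOL_ALL` carries no SSLv3 bit in such builds, but the dependency deserves a comment at the definition, e.g. `/* with OPENSSL_NO_SSL3 the mask is 0; SSL_PROTOCOL_ALL must not contain an SSLv3 bit then */`. The added line after the definition also consists only of trailing whitespace and should be an empty line. The cipher-list macro that follows continues outside the hunk.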