}
return NULL;
}
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
else if (!strcmp("TLSv1.3", arg1)) {
if (cmd->path) {
return "TLSv1.3 ciphers cannot be set inside a directory context";
dc->proxy->auth.cipher_suite = arg2;
return NULL;
}
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
else if (!strcmp("TLSv1.3", arg1)) {
dc->proxy->auth.tls13_ciphers = arg2;
return NULL;
apr_file_t *out, const char *indent, const char **psep)
{
DMP_STRING(proxy? "SSLProxyCipherSuite" : "SSLCipherSuite", auth->cipher_suite);
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
if (auth->tls13_ciphers) {
DMP_STRING(proxy? "SSLProxyCipherSuite" : "SSLCipherSuite",
apr_pstrcat(p, "TLSv1.3 ", auth->tls13_ciphers, NULL));
TLSv1_2_client_method() : /* proxy */
TLSv1_2_server_method(); /* server */
}
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
else if (protocol == SSL_PROTOCOL_TLSV1_3) {
method = mctx->pkp ?
TLSv1_3_client_method() : /* proxy */
ssl_set_ctx_protocol_option(s, ctx, SSL_OP_NO_TLSv1_2,
protocol & SSL_PROTOCOL_TLSV1_2, "TLSv1.2");
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
ssl_set_ctx_protocol_option(s, ctx, SSL_OP_NO_TLSv1_3,
protocol & SSL_PROTOCOL_TLSV1_3, "TLSv1.3");
#endif
#else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
/* We first determine the maximum protocol version we should provide */
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) {
prot = TLS1_3_VERSION;
} else
/* Next we scan for the minimal protocol version we should provide,
* but we do not allow holes between max and min */
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {
prot = TLS1_2_VERSION;
}
ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
return ssl_die(s);
}
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
if (mctx->auth.tls13_ciphers
&& !SSL_CTX_set_ciphersuites(ctx, mctx->auth.tls13_ciphers)) {
ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO(10127)
return DECLINED;
}
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
/*
* Access Handler, modern flavour, for SSL/TLS v1.3 and onward.
* Only client certificates can be requested, everything else stays.
return DECLINED;
}
-#ifdef SSL_OP_NO_TLSv1_3
+#if SSL_HAVE_PROTOCOL_TLSV1_3
/* TLSv1.3+ is less complicated here. Branch off into a new codeline
* and avoid messing with the past. */
if (SSL_version(ssl) >= TLS1_3_VERSION) {