From 010f409bdc7f591f832c7256a957e1b9e9775672 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr"
Date: Mon, 29 Aug 2005 19:59:46 +0000
Subject: [PATCH] Noticed in the development of fips-enabled mod_ssl, when we are configured to support exactly one protocol, use that explicit server and client mechansim to handshake with the client or proxied machine, rather than the generic SSLv23_[client|server]_method().
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@264621 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_init.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c
index 0a545909d3..5a2409126d 100644
--- a/modules/ssl/ssl_engine_init.c
+++ b/modules/ssl/ssl_engine_init.c
@@ -409,14 +409,23 @@ static void ssl_init_ctx_protocol(server_rec *s,
 method = mctx->pkp ?
 SSLv2_client_method() : /* proxy */
 SSLv2_server_method(); /* server */
- ctx = SSL_CTX_new(method); /* only SSLv2 is left */
 }
- else {
+ else if (protocol == SSL_PROTOCOL_SSLV3) {
+ method = mctx->pkp ?
+ SSLv3_client_method() : /* proxy */
+ SSLv3_server_method(); /* server */
+ }
+ else if (protocol == SSL_PROTOCOL_TLSV1) {
+ method = mctx->pkp ?
+ TLSv1_client_method() : /* proxy */
+ TLSv1_server_method(); /* server */
+ }
+ else { /* For multiple protocols, we need a flexible method */
 method = mctx->pkp ?
 SSLv23_client_method() : /* proxy */
 SSLv23_server_method(); /* server */
- ctx = SSL_CTX_new(method); /* be more flexible */
 }
+ ctx = SSL_CTX_new(method);
 mctx->ssl_ctx = ctx;
-- 
2.40.0
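Review bot: The new shared `ctx = SSL_CTX_new(method);` after the if/else chain stores its result in `mctx->ssl_ctx` on the next line with no NULL check visible in the hunk. Now that a single-protocol configuration selects a fixed-version method (`SSLv3_*` or `TLSv1_*`), which the commit message ties to FIPS-enabled builds, the library may refuse to create a context for a method the build or mode does not allow; that is an inference, not something the hunk shows. I would add `if (ctx == NULL) { /* log the OpenSSL error queue and abort startup */ }` before the assignment, so a rejected method fails loudly at init instead of leaving a NULL context for later calls. A short comment on the new branches, saying that a fixed-version method speaks only that one protocol version and does not negotiate, would also help the next reader. ssl_init_ctx_protocol begins and ends outside the hunk, so a later check may already exist.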