From 597bc9e7665cc08ef2afa66e37bda0ba5feda548 Mon Sep 17 00:00:00 2001
From: Stefan Eissing
Date: Wed, 16 Aug 2017 12:43:41 +0000
Subject: [PATCH] On the trunk: mod_ssl: not using SSLV3 constant that would define what we mean by SSL version 3 if openssl does not know about SSL version 3. Then we pretend to not know about it either.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1805186 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_config.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/modules/ssl/ssl_engine_config.c b/modules/ssl/ssl_engine_config.c
index eea424e688..7b1c778d88 100644
--- a/modules/ssl/ssl_engine_config.c
+++ b/modules/ssl/ssl_engine_config.c
@@ -520,6 +520,12 @@ void ssl_config_proxy_merge(apr_pool_t *p,
 #define SSL_MOD_POLICIES_KEY "ssl_module_policies"
+#ifndef OPENSSL_NO_SSL3
+#define STUPID_PROTOCOL_CONSTANTS_SSLV3 SSL_PROTOCOL_SSLV3
+#else
+#define STUPID_PROTOCOL_CONSTANTS_SSLV3 0
+#endif
+
 /**
 * Define a core set of policies that are always there:
 * - 'modern' from https://wiki.mozilla.org/Security/Server_Side_TLS
@@ -529,7 +535,7 @@ void ssl_config_proxy_merge(apr_pool_t *p,
 #ifdef HAVE_TLSV1_X
 /* Only with OpenSSL > v1.0.2 do we have a chance to implement modern */
 #define SSL_POLICY_LEGACY_PROTOCOLS \
- (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1)
+ (STUPID_PROTOCOL_CONSTANTS_SSLV3|SSL_PROTOCOL_TLSV1|SSL_PROTOCOL_TLSV1_1)
 #define SSL_POLICY_MODERN_PROTOCOLS \
 (SSL_PROTOCOL_ALL & ~SSL_POLICY_LEGACY_PROTOCOLS)
@@ -542,7 +548,8 @@ void ssl_config_proxy_merge(apr_pool_t *p,
 #endif
 #define SSL_POLICY_INTERMEDIATE_PROTOCOLS \
- (SSL_PROTOCOL_ALL & ~SSL_PROTOCOL_SSLV3)
+ (SSL_PROTOCOL_ALL & ~STUPID_PROTOCOL_CONSTANTS_SSLV3)
+
 #define SSL_POLICY_INTERMEDIATE_CIPHERS \
 "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:" \
 "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:" \
-- 
2.40.0
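Review bot: The macro `STUPID_PROTOCOL_CONSTANTS_SSLV3` added in the first hunk has no comment and a name that does not say what it stands for, so the reason for the `0` fallback can only be recovered from the commit message. A neutral name and a one-line comment above the `#ifndef` would carry it, for example `/* SSLv3 bit for the policy masks below; 0 when OpenSSL is built with OPENSSL_NO_SSL3 */`. The name is also used in the second and third hunks, so a rename would touch `SSL_POLICY_LEGACY_PROTOCOLS` and `SSL_POLICY_INTERMEDIATE_PROTOCOLS` as well.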
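Review bot: In the third hunk, a build with `OPENSSL_NO_SSL3` defined turns the mask into `SSL_PROTOCOL_ALL & ~0`, which leaves `SSL_PROTOCOL_ALL` unchanged, so the intermediate policy excludes SSLv3 only if `SSL_PROTOCOL_ALL` itself carries no SSLv3 bit in that build. Its definition is not part of this patch, so that cannot be confirmed from the visible lines; the commit message implies it, but the code does not say so. A comment at the macro would record the dependency, e.g. `/* with OPENSSL_NO_SSL3 this mask is a no-op: SSL_PROTOCOL_ALL must not contain an SSLv3 bit then */`. `SSL_POLICY_MODERN_PROTOCOLS` in the second hunk rests on the same assumption, since `SSL_POLICY_LEGACY_PROTOCOLS` no longer contributes an SSLv3 bit to clear.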