From afba88ef3da7cc02efcfd85bad5f775427463b2d Mon Sep 17 00:00:00 2001 From: Stefan Eissing Date: Tue, 3 Apr 2018 11:49:17 +0000 Subject: [PATCH] On the trunk: mod_ssl: guard use of TLS1_3_VERSION with proper #ifdefs git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1828220 13f79535-47bb-0310-9956-ffa450edef68 --- modules/ssl/ssl_engine_init.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/ssl/ssl_engine_init.c b/modules/ssl/ssl_engine_init.c index 35553f5eaf..dd9036c18d 100644 --- a/modules/ssl/ssl_engine_init.c +++ b/modules/ssl/ssl_engine_init.c @@ -685,9 +685,12 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, #else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */ /* We first determine the maximum protocol version we should provide */ +#ifdef SSL_OP_NO_TLSv1_3 if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) { prot = TLS1_3_VERSION; - } else if (protocol & SSL_PROTOCOL_TLSV1_2) { + } else +#endif + if (protocol & SSL_PROTOCOL_TLSV1_2) { prot = TLS1_2_VERSION; } else if (protocol & SSL_PROTOCOL_TLSV1_1) { prot = TLS1_1_VERSION; @@ -708,9 +711,11 @@ static apr_status_t ssl_init_ctx_protocol(server_rec *s, /* Next we scan for the minimal protocol version we should provide, * but we do not allow holes between max and min */ +#ifdef SSL_OP_NO_TLSv1_3 if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) { prot = TLS1_2_VERSION; } +#endif if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) { prot = TLS1_1_VERSION; } -- 2.40.0