Index: server/core.c =================================================================== --- server/core.c (revision 959695) +++ server/core.c (working copy) @@ -3956,14 +3956,28 @@ * is not initialized correctly, Linux - for example - will * be initially blocking, while Solaris will be non blocking * and any initial read will fail. + * + * If this timeout has already been set, don't set it again. + * This prevents overwriting of other modules' timeout options. + * */ - rv = apr_socket_timeout_set(csd, c->base_server->timeout); - if (rv != APR_SUCCESS) { - /* expected cause is that the client disconnected already */ + + rv = apr_socket_timeout_get(csd, &old_time); + if(rv != APR_SUCCESS) { + /* not sure why this would fail */ ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, - "apr_socket_timeout_set"); + "apr_socket_timeout_get"); } + if(old_time == apr_time_from_sec(0)) { + rv = apr_socket_timeout_set(csd, c->base_server->timeout); + if (rv != APR_SUCCESS) { + /* expected cause is that the client disconnected already */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, + "apr_socket_timeout_set"); + } + } + net->c = c; net->in_ctx = NULL; net->out_ctx = NULL; Index: modules/ssl/ssl_private.h =================================================================== --- modules/ssl/ssl_private.h (revision 959695) +++ modules/ssl/ssl_private.h (working copy) @@ -476,6 +476,7 @@ modssl_ctx_t *proxy; ssl_enabled_t proxy_ssl_check_peer_expire; ssl_enabled_t proxy_ssl_check_peer_cn; + apr_interval_time_t timeout; #ifndef OPENSSL_NO_TLSEXT ssl_enabled_t strict_sni_vhost_check; #endif 
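Review bot: `old_time` is compared against zero even when `apr_socket_timeout_get()` has just failed, so the `if(old_time == apr_time_from_sec(0))` test can read a value that was never written; its declaration is outside this hunk, so whether it is initialised cannot be seen here. Falling back to the server timeout on failure keeps the pre-patch behaviour: `if (rv != APR_SUCCESS || old_time == 0) {`. Separately, APR treats a timeout of 0 as non-blocking and a negative value as block-forever, so 0 is not a reliable "nobody has set this yet" marker; if a freshly accepted socket reports a negative timeout, the core `Timeout` would never be applied and stalled clients could hold workers indefinitely. The enclosing function starts and ends outside the hunk.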
@@ -561,6 +562,7 @@ const char *ssl_cmd_SSLProxyMachineCertificateFile(cmd_parms *, void *, const char *); const char *ssl_cmd_SSLProxyCheckPeerExpire(cmd_parms *cmd, void *dcfg, int flag); const char *ssl_cmd_SSLProxyCheckPeerCN(cmd_parms *cmd, void *dcfg, int flag); +const char *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *); /** module initialization */ int ssl_init_Module(apr_pool_t *, apr_pool_t *, apr_pool_t *, server_rec *); Index: modules/ssl/ssl_engine_config.c =================================================================== --- modules/ssl/ssl_engine_config.c (revision 959695) +++ modules/ssl/ssl_engine_config.c (working copy) @@ -168,6 +168,7 @@ sc->vhost_id = NULL; /* set during module init */ sc->vhost_id_len = 0; /* set during module init */ sc->session_cache_timeout = UNSET; + sc->timeout = 0; sc->cipher_server_pref = UNSET; sc->insecure_reneg = UNSET; sc->proxy_ssl_check_peer_expire = SSL_ENABLED_UNSET; @@ -262,6 +263,7 @@ cfgMerge(enabled, SSL_ENABLED_UNSET); cfgMergeBool(proxy_enabled); cfgMergeInt(session_cache_timeout); + cfgMergeInt(timeout); cfgMergeBool(cipher_server_pref); cfgMergeBool(insecure_reneg); cfgMerge(proxy_ssl_check_peer_expire, SSL_ENABLED_UNSET); @@ -346,6 +348,15 @@ * Configuration functions for particular directives */ +const char *ssl_cmd_SSLTimeout(cmd_parms *cmd, + void *dcfg, + const char *arg) +{ + SSLSrvConfigRec *sc = mySrvConfig(cmd->server); + sc->timeout = apr_time_from_sec(atoi(arg)); + return NULL; +} + const char *ssl_cmd_SSLMutex(cmd_parms *cmd, void *dcfg, const char *arg_) Index: modules/ssl/mod_ssl.c =================================================================== --- modules/ssl/mod_ssl.c (revision 959695) +++ modules/ssl/mod_ssl.c (working copy) 
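Review bot: The prototype added in the @@ -561 hunk is `ssl_cmd_SSLProxyProtocol`, but the handler this patch defines in ssl_engine_config.c is `ssl_cmd_SSLTimeout`, and no definition of `ssl_cmd_SSLProxyProtocol` appears anywhere in the patch. The `SSL_CMD_SRV(Timeout, ...)` entry in mod_ssl.c presumably expands to `ssl_cmd_SSLTimeout`, which would then be referenced without a declaration. The line should read `const char *ssl_cmd_SSLTimeout(cmd_parms *, void *, const char *);`.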
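Review bot: `sc->timeout = 0;` in the @@ -168 hunk breaks the pattern of the neighbouring fields, which start as `UNSET`, and the `cfgMergeInt(timeout);` added in the @@ -262 hunk is affected by the same choice. If `cfgMergeInt` takes the base value only when the override equals `UNSET` (its definition is not in the patch), a virtual host that never sets `SSLTimeout` carries 0 and will mask a global setting instead of inheriting it. Judging by its name, `cfgMergeInt` is also meant for `int` fields, while `timeout` is an `apr_interval_time_t`. Initialising with `sc->timeout = UNSET;` and treating any value `<= 0` as "not configured" at the point of use would keep merging consistent with the other settings.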
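Review bot: `atoi(arg)` in the new `ssl_cmd_SSLTimeout` (the @@ -346 hunk) accepts anything, so a non-numeric argument silently becomes 0 and a negative one becomes a negative socket timeout, which APR treats as block-forever; both defeat a setting whose purpose is to stop stalled clients from tying up workers. The handler should parse strictly and reject non-positive or out-of-range values with an error string, so the configuration fails to load, before converting to microseconds. A possible shape is below; it relies on `apr_strtoi64` reporting range errors through `errno`.

```c
const char *ssl_cmd_SSLTimeout(cmd_parms *cmd,
                               void *dcfg,
                               const char *arg)
{
    SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
    char *end = NULL;
    apr_int64_t secs;

    errno = 0;
    secs = apr_strtoi64(arg, &end, 10);
    /* Reject empty input, trailing junk, range errors and values that
     * would overflow when scaled to microseconds. */
    if (errno != 0 || end == arg || *end != '\0'
        || secs <= 0 || secs > APR_INT64_MAX / APR_USEC_PER_SEC) {
        return "SSLTimeout: argument must be a positive number of seconds";
    }

    sc->timeout = apr_time_from_sec(secs);
    return NULL;
}
```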
@@ -149,6 +149,9 @@ "Set user name to SSL variable value") SSL_CMD_SRV(StrictSNIVHostCheck, FLAG, "Strict SNI virtual host checking") + SSL_CMD_SRV(Timeout, TAKE1, + "SSL connection lifetime " + "(`N' - number of seconds)") /* * Proxy configuration for remote SSL connections @@ -366,7 +369,7 @@ char *vhost_md5; modssl_ctx_t *mctx; server_rec *server; - + if (!sslconn) { sslconn = ssl_init_connection_ctx(c); } @@ -395,7 +398,7 @@ return DECLINED; /* XXX */ } - + vhost_md5 = ap_md5_binary(c->pool, (unsigned char *)sc->vhost_id, sc->vhost_id_len); @@ -455,7 +458,8 @@ { SSLSrvConfigRec *sc; SSLConnRec *sslconn = myConnConfig(c); - + apr_status_t tv; + if (sslconn) { sc = mySrvConfig(sslconn->server); } @@ -482,6 +486,14 @@ return DECLINED; } + /* Set the SSL connection timeout. */ + rv = apr_socket_timeout_set(csd, sc->timeout); + if(rv != APR_SUCCESS) { + /* expected cause is that the client disconnected already */ + ap_log_cerror(APLOG_MARK, APLOG_DEBUG, rv, c, + "Unable to set timeout on SSL socket"); + } + /* * Remember the connection information for * later access inside callback functions
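Review bot: The help text in the @@ -149 hunk calls the directive an "SSL connection lifetime", but the value is only ever passed to `apr_socket_timeout_set()`, which is a per-operation socket I/O timeout rather than a cap on how long the connection may live. An administrator reading this could believe long-lived connections are being cut off when they are not. Wording such as `"SSL socket I/O timeout "` in place of `"SSL connection lifetime "` would describe what the code does.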
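Review bot: The variable declared in the @@ -455 hunk is `apr_status_t tv;`, while the code added in the @@ -482 hunk assigns and tests `rv`; unless `rv` is declared in a part of the function outside these hunks, the file will not compile, and `tv` is unused either way. Declaring `apr_status_t rv;` instead matches the later use. The function's signature is outside the hunk, so it is also worth confirming that `csd` is in scope there.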
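Review bot: The timeout in the @@ -482 hunk is applied unconditionally, so a server with no `SSLTimeout` directive calls `apr_socket_timeout_set(csd, 0)`, which in APR means non-blocking rather than "leave as is", and a negative configured value would let reads block without limit. Guarding the call keeps unconfigured hosts on the core `Timeout`: wrap the added block in `if (sc->timeout > 0) {`. The comment "expected cause is that the client disconnected already" was copied from core.c; whether that is the likely failure at this point is not evident from the hunk. The function continues past the end of the hunk.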