--- modules/ssl/ssl_engine_config.c (revision 1652393)
+++ modules/ssl/ssl_engine_config.c (working copy)
@@ -110,7 +110,7 @@
 mctx->ticket_key = NULL;
 #endif
- mctx->protocol = SSL_PROTOCOL_ALL;
+ mctx->protocol = SSL_PROTOCOL_UNSET;
 mctx->pphrase_dialog_type = SSL_PPTYPE_UNSET;
 mctx->pphrase_dialog_path = NULL;
@@ -254,7 +254,7 @@
 modssl_ctx_t *add,
 modssl_ctx_t *mrg)
 {
- cfgMerge(protocol, SSL_PROTOCOL_ALL);
+ cfgMerge(protocol, SSL_PROTOCOL_UNSET);
 cfgMerge(pphrase_dialog_type, SSL_PPTYPE_UNSET);
 cfgMergeString(pphrase_dialog_path);
--- modules/ssl/ssl_engine_init.c (revision 1652393)
+++ modules/ssl/ssl_engine_init.c (working copy)
@@ -209,10 +209,19 @@
 if (sc->enabled == SSL_ENABLED_UNSET) {
 sc->enabled = SSL_ENABLED_FALSE;
 }
+
 if (sc->proxy_enabled == UNSET) {
 sc->proxy_enabled = FALSE;
 }
+ if (sc->server && sc->server->protocol == SSL_PROTOCOL_UNSET) {
+ sc->server->protocol = SSL_PROTOCOL_ALL;
+ }
+
+ if (sc->proxy && sc->proxy->protocol == SSL_PROTOCOL_UNSET) {
+ sc->proxy->protocol = SSL_PROTOCOL_ALL;
+ }
+
 if (sc->session_cache_timeout == UNSET) {
 sc->session_cache_timeout = SSL_SESSION_CACHE_TIMEOUT;
 }
--- modules/ssl/ssl_private.h (revision 1652393)
+++ modules/ssl/ssl_private.h (working copy)
@@ -286,13 +286,14 @@
 /**
 * Define the SSL Protocol options
 */
-#define SSL_PROTOCOL_NONE (0)
-#define SSL_PROTOCOL_SSLV2 (1<<0)
-#define SSL_PROTOCOL_SSLV3 (1<<1)
-#define SSL_PROTOCOL_TLSV1 (1<<2)
+#define SSL_PROTOCOL_UNSET (0)
+#define SSL_PROTOCOL_NONE (1<<0)
+#define SSL_PROTOCOL_SSLV2 (1<<1)
+#define SSL_PROTOCOL_SSLV3 (1<<2)
+#define SSL_PROTOCOL_TLSV1 (1<<3)
 #ifdef HAVE_TLSV1_X
-#define SSL_PROTOCOL_TLSV1_1 (1<<3)
-#define SSL_PROTOCOL_TLSV1_2 (1<<4)
+#define SSL_PROTOCOL_TLSV1_1 (1<<4)
+#define SSL_PROTOCOL_TLSV1_2 (1<<5)
 #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_SSLV3|SSL_PROTOCOL_TLSV1| \
 SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
 #else
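Review bot: In ssl_engine_config.c (hunk at line 110) a context now starts with `mctx->protocol = SSL_PROTOCOL_UNSET`, which is 0 after the ssl_private.h renumbering, so it carries no protocol bits until something resolves it. The only resolution visible in this patch is the pair of checks added in ssl_engine_init.c; any modssl_ctx_t initialised here but not reached by those checks (not visible in these hunks) would arrive at context setup with an empty protocol mask. A comment at the assignment would make the contract explicit, e.g. `/* left unset so merging can inherit; resolved to SSL_PROTOCOL_ALL in ssl_engine_init.c */`. The same applies to `cfgMerge(protocol, SSL_PROTOCOL_UNSET)` in the hunk at line 254; both enclosing functions start and end outside their hunks.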
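Review bot: In ssl_engine_init.c the fallback `sc->server->protocol = SSL_PROTOCOL_ALL` (and its proxy twin) turns on every protocol in that mask for a context whose protocol is still unset, and the SSL_PROTOCOL_ALL definition visible in the ssl_private.h hunk includes SSL_PROTOCOL_SSLV3. That keeps the previous default, but since the default is now applied in exactly one place, this is the point to decide whether SSLv3 belongs in it, or at least to log the effective protocol set at startup. I would also put a comment above the two checks, e.g. `/* protocol not set in this or any merged scope: apply the default only now, so merging can tell "unset" from an explicit value */`. The enclosing function starts and ends outside the hunk.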
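Review bot: In ssl_private.h, SSL_PROTOCOL_NONE changes from 0 to `(1<<0)` and every other flag moves up one bit, so code that relied on NONE being zero changes meaning without a compile error: `if (!protocol)`, a mask built by starting from NONE and OR-ing flags in, or an equality test against NONE after such OR-ing. None of those sites are in this patch, so they need checking by hand; the SSLProtocol parsing code and the place where the mask is translated into library options are where I would look first. The doc comment above the defines should state what separates the two values, e.g. `SSL_PROTOCOL_UNSET: no SSLProtocol directive seen, merge inherits; SSL_PROTOCOL_NONE: explicitly empty set`. The hunk ends at `#else`, so the SSL_PROTOCOL_ALL definition for builds without HAVE_TLSV1_X is not visible here.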