On Fri, Oct 25, 2019 at 2:48 PM Yann Ylavic <[email protected]> wrote: > > Nice idea, I suppose I could make the callback check for > ->protocol_set == 0 and not switch in this case. > The opt-in may not be that useful then, without it (or "off") the > default would be the base server's SSLProtocol, while "on" would be > whatever SSLProtocol default is?
By doing that change I realized that mod_ssl did not merge ->protocol_set (r1868934), but now I realize what merging means wrt to the above semantics... In my previous server1/server2 example, where no SSLProtocol is configured in server2, what if SSLProtocol is configured at the server config (root) level? Should server2 take the value of its base server or the root one? The current status is that, without an opt-in/out, it takes the root value if configured, or the base server's otherwise. Not very intuitive... Thoughts?
