On 3/23/20 2:44 PM, Rainer Jung wrote:
> The dependency on SSL_CTX_get_min_proto_version() and
> SSL_CTX_get_max_proto_version() was introduced in October by Yann's
> "r1868645 mod_ssl: negotiate the TLS protocol version per name based vhost
> configuration".
>
> Although the set variants are available in 1.1.0, the set were added later in
> 1.1.0g.
>
> Not sure, whether adjusting the version check as done now is the right fix.
> At least it unbreaks building httpd against OpenSSL
> 1.1.0-1.1.0f.
>
> The original change has been backported to 2.4.x, so building that for the
> above OpenSSL versions is currently broken.
IMHO we should backport it then once clarified that this is the correct thing
to do and ensure that it gets in 2.4.43.
I think this is a release blocker.
Regards
RĂ¼diger