mod_ssl: Revert r1868929 on trunk (only).

We discussed in 2019 that after 2.4.x's backport r1873907 we should apply
normal/usual merging for SSLProtocol in next versions (thus trunk first).
See: https://lists.apache.org/thread/76yh7j3fwj2tsmffsqcqpv4mcfph5vqx

Make this happen finally.



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1921360 13f79535-47bb-0310-9956-ffa450edef68

1 files changed, 7 insertions, 8 deletions

diff --git a/modules/ssl/ssl_engine_kernel.c b/modules/ssl/ssl_engine_kernel.c
index ac03b2ef7f..134fb17afb 100644
--- a/modules/ssl/ssl_engine_kernel.c
+++ b/modules/ssl/ssl_engine_kernel.c
@@ -2612,14 +2612,13 @@ static int ssl_find_vhost(void *servername, conn_rec *c, server_rec *s)
 #if OPENSSL_VERSION_NUMBER >= 0x1010007fL \
         && (!defined(LIBRESSL_VERSION_NUMBER) \
             || LIBRESSL_VERSION_NUMBER >= 0x20800000L)
-        /*
-         * Don't switch the protocol if none is configured for this vhost,
-         * the default in this case is still the base server's SSLProtocol.
-         */
-        if (myConnCtxConfig(c, sc)->protocol_set) {
-            SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx));
-            SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx));
-        }
+         /* Switch to the vhost's protocols. Note that 2.4 used to do this
+          * only if SSLProtocol was configured/inherited for this vhost, using
+          * the base server's SSLProtocol otherwise. From 2.5 usual merging
+          * applies.
+          */
+        SSL_set_min_proto_version(ssl, SSL_CTX_get_min_proto_version(ctx));
+        SSL_set_max_proto_version(ssl, SSL_CTX_get_max_proto_version(ctx));
 #endif
         if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
             (SSL_num_renegotiations(ssl) == 0)) {