git.net

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: svn commit: r1841573 - in /httpd/httpd/branches/2.4.x: ./ CHANGES STATUS docs/manual/mod/mod_ssl.xml modules/ssl/mod_ssl.c modules/ssl/ssl_engine_config.c modules/ssl/ssl_engine_init.c modules/ssl/ssl_engine_kernel.c modules/ssl/ssl_private.h


*cheers*!!

> On Sep 21, 2018, at 8:14 AM, minfrin@xxxxxxxxxx wrote:
> 
> Author: minfrin
> Date: Fri Sep 21 12:14:05 2018
> New Revision: 1841573
> 
> URL: http://svn.apache.org/viewvc?rev=1841573&view=rev
> Log:
> Add TLSv1.3 support to mod_ssl:
> trunk: http://svn.apache.org/r1839946
>       http://svn.apache.org/r1839920
>       http://svn.apache.org/r1833589
>       http://svn.apache.org/r1833588
>       http://svn.apache.org/r1828723
>       http://svn.apache.org/r1828720
>       http://svn.apache.org/r1828222
>       http://svn.apache.org/r1827992
>       http://svn.apache.org/r1827924
>       http://svn.apache.org/r1827912
>       http://svn.apache.org/r1828790
>       http://svn.apache.org/r1828791
>       http://svn.apache.org/r1828792
>       http://svn.apache.org/r1840585
>       http://svn.apache.org/r1840710
>       http://svn.apache.org/r1841218
> 2.4.x branch: svn merge ^/httpd/httpd/branches/tlsv1.3-for-2.4.x
> 
> Modified:
>    httpd/httpd/branches/2.4.x/   (props changed)
>    httpd/httpd/branches/2.4.x/CHANGES
>    httpd/httpd/branches/2.4.x/STATUS
>    httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
>    httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c
>    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
>    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
>    httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
>    httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h
> 
> Propchange: httpd/httpd/branches/2.4.x/
> ------------------------------------------------------------------------------
> --- svn:mergeinfo (original)
> +++ svn:mergeinfo Fri Sep 21 12:14:05 2018
> @@ -1,11 +1,11 @@
> /httpd/httpd/branches/2.4.17-protocols-changes:1712542-1715252
> /httpd/httpd/branches/2.4.17-protocols-http2:1701609-1705681
> -/httpd/httpd/branches/2.4.x:1825504
> /httpd/httpd/branches/2.4.x-mod_md:1816423-1821089
> /httpd/httpd/branches/2.4.x-mpm_fdqueue:1824383-1824864
> /httpd/httpd/branches/revert-ap-ldap:1150158-1150173
> +/httpd/httpd/branches/tlsv1.3-for-2.4.x:1840105-1841571
> /httpd/httpd/branches/trunk-buildconf-noapr:1780253-1795930
> /httpd/httpd/branches/trunk-md:1804087-1804529
> /httpd/httpd/branches/trunk-override-index:1793921-1793931
> /httpd/httpd/branches/wombat-integration:723609-723841
> -/httpd/httpd/trunk:1200475,1200478,1200482,1200491,1200496,1200513,1200550,1200556,1200580,1200605,1200612,1200614,1200639,1200646,1200656,1200667,1200679,1200699,1200702,1200955,1200957,1200961,1200963,1200968,1200975,1200977,1201032,1201042,1201111,1201194,1201198,1201202,1201443,1201450,1201460,1201956,1202236,1202453,1202456,1202886,1203400,1203491,1203632,1203714,1203859,1203980,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206472,1206587,1206850,1206940,1206978,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210067,1210080,1210120,1210124,1210130,1210148,1210219,1210221,1210252,1210284,1210336,1210378,1210725,1210892,1210951,1210954,1211351-1211352,1211364,1211490,1211495,1211528,1211663,1211680,1212872,1212883,1213338,1213380-1213381,1213391,1213399,1213567,1214003,1214005,1214015,12
> 15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,1301111,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
> ,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341905-1341906,1341913,1341930,1342065,1343085,1343087,1343094,1343099,1343109,1343935,1344712,1345147,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369
> 604,1369618,1369904,1369995,1369999,1370001,1370466,1370592,1370615-1370616,1370763,1371387,1371791,1371801,1371878,1371903,1373270,1373447,1373898,1373955,1374157,1374199,1374214,1374216,1374247,1374874,1374877,1374880,1375006,1375009,1375011,1375013,1375445,1375584,1376695,1376700,1378178,1383490,1384408,1384913,1386576,1386578,1386726,1386822,1386880,1386913,1387085,1387088,1387110,1387389,1387444,1387603,1387607,1387633,1387693,1387979,1388029,1388445,1388447,1388648,1388660,1388825,1388899,1389316,1389339,1389481,1389506,1389564,1389566-1389569,1390562,1390564,1391396,1391398,1391771,1392120,1392122,1392150,1392214,1392345-1392347,1392850,1393033,1393058,1393152,1393338,1393564,1394079,1395225,1395253-1395256,1395792,1396440,1397172,1397320,1397636,1397687,1397710,1397716,1398025,1398040,1398066,1398478,1398480-1398481,1398970,1399413,1399687,1399708,1400700,1401448,1402924,1403476,1403483,1403492,1404653,1405407,1405856,1405973,1406068,1406493,1406495,1406616,1406646,1406760,1
> 407004,1407006,1407085,1407088,1407248,1407381,1407459-1407460,1407528,1407853,1407965,1408093,1408402,1408958,1408961,1409170,1409437,1409726,1409800,1410681,1410954,1411862,1412278,1413732,1414094,1415008,1415023,1415075,1416121,1416150,1416278,1417197,1417440,1417529,1418524,1418556,1418648,1418655,1418703,1418721,1418752,1418761,1418765,1418769,1419084,1419719,1419726,1419755,1419781,1419796,1420120,1420124,1420149,1420184,1420644,1420685-1420686,1420975,1421288,1421323,1421851,1421912,1421953,1422135,1422549,1422594,1422712,1422855,1422937,1422943,1422980,1423353,1423933,1425360,1425771-1425772,1425775,1425777,1425874,1426850,1426975,1427546,1428184,1428280,1428916,1429228,1429559,1429561,1429564,1429582,1430575,1430814,1430869,1433001,1433613,1433682,1433861,1433988,1435178,1435811,1436058,1436401,1439083,1439106,1439114,1439404,1439623,1442309,1442320,1442326,1442412,1442759,1442865,1447993,1448171,1448453,1451478,1451484,1451633,1451830,1451849,1451905,1451921,1452128,145219
> 5,1452259,1452281,1452551,1452911,1452949,1452954,1453022,1453574,1453604,1453875-1453876,1453963,1453981,1454386,1454414-1454415,1454888,1457437,1457450,1457471,1457504,1457520-1457521,1457610,1457995,1458003-1458004,1458020,1458285,1458447,1458456,1462266,1462269,1462643,1463044-1463047,1463049,1463052,1463056,1463455,1463736,1463750,1463754,1464675,1464721,1464762,1465115-1465116,1465190,1467593,1467765,1468581,1470183,1470679,1470940,1471449,1475878,1476604,1476621,1476642,1476644-1476645,1476652,1476680,1477094,1477530,1478382,1478748,1479117,1479216,1479222,1479411,1479528,1479905,1479966,1480046,1480627,1481197,1481302,1481306,1481396-1481397,1481891,1482041,1482075,1482170,1482555,1482859,1482996,1483005,1483027,1483190,1484343,1484398,1484832,1484910,1484914,1485409,1485668,1486490,1487528,1487530,1487775,1488158,1488164,1488296,1488471,1488492,1488644,1490294,1490493,1490507,1490550,1490761,1490994,1491155,1491221,1491234,1491458,1491479,1491538,1491564,1491724,1492395,149
> 2663,1492710,1492782,1493257,1493330,1493921,1493925,1494532,1494536,1495501,1496194,1496338,1496429,1496709,1497371,1497588,1498880,1499679,1500323,1500345,1500362,1500423,1500437,1500483,1500519,1501294,1501369,1501399,1501827,1501913,1502665,1502772,1503680,1503866,1503990-1503991,1504276,1506474,1506714,1509872,1509983,1510084-1510085,1510098,1510295,1510588,1510707,1511093,1513492,1513508,1514039,1514064,1514214-1514215,1514255,1514267,1514617,1515050,1515162,1515403,1515411,1515420,1517025,1517045,1517175,1517366,1517386,1517388,1518265,1518269,1519475,1520368,1520445,1520760,1520908,1521909,1523235,1523239,1523281,1523387,1524101,1524158,1524192,1524368,1524388,1524770,1525276,1525280-1525281,1525931,1526168,1526189,1526647,1526666,1527008,1527220,1527291,1527294-1527295,1527509,1527925-1527926,1528143,1528718,1529014,1529277,1529449,1529559,1529988,1529991,1530793,1531340,1531370,1531505,1531672,1531961-1531962,1532281,1532289,1532746,1532816,1533065,1533224,1533810,1533935,
> 1534321,1534754,1534890,1534892,1534895-1534896,1534914,1536310,1537535,1537718,1538490,1540051-1540052,1541181,1541270,1541368,1542338,1542379,1542533,1542562,1542615,1543020,1543147,1543149,1543174,1544381,1544774,1544784,1544812,1544820,1545286,1545292,1545325,1545364,1545408,1545411,1546692-1546693,1546730,1546759-1546760,1546801,1546804-1546805,1546835-1546836,1546860,1547845,1550061,1550302,1550307,1551611,1551685,1551714,1551802,1552130,1552227,1553204,1553824,1554161,1554168,1554170,1554175-1554176,1554179,1554181,1554184,1554188,1554192,1554195,1554276,1554281,1554300-1554301,1554994-1554995,1555240,1555259,1555266,1555423-1555424,1555463-1555464,1555467,1555555,1555569,1555631,1556206,1556428,1556473,1556911-1556912,1556914,1556937,1557317,1557617,1558483,1559351,1559828,1560367,1560546,1560679,1560689,1560729,1560977,1560979,1561137,1561262,1561385,1561660,1561923,1562472,1563193,1563379,1563381,1563417-1563418,1563420,1564052,1564437,1564475,1564756,1564760,1565081,15657
> 11,1568404,1569615,1570288,1570598,1571369,1572092,1572198,1572543,1572561,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572905,1572911,1572967,1573224,1573229,1573626,1574151,1575400,1576233,1576741,1578760,1578762,1580568,1580928,1580935,1583005,1583007-1583008,1583027,1583175,1583191,1584098,1584417,1584430,1584434,1584572,1584653,1584658,1584665,1584703,1584878,1584884,1584896,1585054,1585072,1585090,1585157,1585435,1585609,1585824,1585918-1585919,1586745,1586827,1587036,1587040,1587053,1587255,1587594,1587607,1587639,1587654,1588054,1588065,1588213,1588330,1588427,1588519,1588527,1588704,1588806,1588851,1588853,1588868,1589413,1590437,1590509,1591143,1591320,1591322,1591328,1591390,1591394,1591401,1591472,1591508,1592032,1592037,1592500,1592511,1592514,1592529,1592615,1592632,1593745,1594625,1594643,1594648,1595305,1595321,1595426,1597182,1597349,1597352,1597533,1597639,1597642,1598107,1598946,1599012,1599535,1601076,1601184-1601185,1601274,1601291,1601559,1601624,16
> 01630,1601919,1601995,1602338,1602978,1602989,1603027,1603029,1603122,1603156,1603915,1604382,1604461,1604631,1605207,1605328,1605827,1605829,1607960,1608284,1608785,1608999,1609914,1609936,1609938,1610207,1610311,1610353,1610366,1610491,1610652,1610674,1611165,1611169,1611244,1611600,1611871,1611978,1612068,1615026,1615289,1617018,1617913,1618401,1618541,1618555,1619297,1619383,1619444,1619483,1619835,1620324,1620461,1620932,1621367,1621372,1621417,1621453,1621806,1622450,1624234,1624349,1625196,1625952,1626050,1626956,1626978,1628104,1628388,1628918-1628919,1628924,1628950,1629235,1629239,1629244,1629250,1629372,1629440-1629441,1629485,1629507-1629508,1629519,1629576-1629577,1629652,1629916,1631885,1632454,1632740,1632742,1633730-1633731,1633793,1634120,1634237,1634425,1634736,1634836,1635510,1635558,1635644-1635645,1635762,1637112,1638072-1638073,1638879,1639614,1640031,1640036,1640040,1640042,1640331,1641077,1641095,1641376,1642099,1642484,1642499,1642847,1642868,1643034,1643279
> ,1643284,1643537,1643825,1644245,1646282,1646724,1647035,1648201,1648394,1648433,1648719,1648840,1649001,1649043,1649491,1649632,1649966,1650047,1650061,1650309-1650310,1650320,1651088,1652829,1652929,1652931,1652955,1652982,1652985,1652989,1653941,1653978,1653997,1656225,1656549,1656669,1657256,1657261,1657636,1657638,1657685,1657881,1657897,1658760,1658765,1661067,1661258,1661448,1661464,1661486,1662245-1662246,1662437,1663017,1663647,1664071,1664133,1664205,1664299,1664565,1664709,1665215-1665216,1665218,1665625,1665643,1665721,1666297,1666361,1666363,1666415,1666417,1666468,1666617-1666618,1666998,1667385-1667386,1667676,1667707,1668532,1668535,1668553,1669130,1669289,1669292,1670434,1671364,1671396-1671397,1671918,1672289,1672453,1672466,1672480,1672483,1672564,1672757,1672985,1672989,1673113,1673155,1673368,1673455,1673769,1674056,1674538,1674542,1674606,1674632,1674697,1675103,1675410,1675533,1676085,1676654,1676709,1676842,1677096,1677143-1677146,1677149,1677151,1677153-1677
> 156,1677159,1677339,1677462,1677702,1677830,1677832,1677834-1677835,1678763,1679032,1679181-1679182,1679192,1679428,1679432,1679470,1679620,1679712,1680276,1680895,1680900,1680942,1681037,1681424,1681440,1681685,1681694,1681795,1682482,1682816,1682819,1682907,1682923,1682937,1682979,1682988,1683044,1683047,1683123,1683881,1683884,1684057,1684171,1684636,1684900,1685069,1685339,1685345,1685347,1685349-1685350,1685650,1685659,1685779,1686085,1686853,1686856,1687539,1687680,1687980,1688274,1688331,1688339-1688341,1688343,1688399,1688474-1688475,1688536,1688538,1688660,1689325,1689605,1689694,1689698,1690120,1690137,1690248,1691374,1691582,1691592,1691819,1691908,1692285,1692432,1692486,1692516,1693792,1693918-1693919,1693963,1694903,1694936,1694950-1694951,1695170,1695727,1695874,1695885,1695920,1696105,1696264,1696266,1696279,1696428,1696442,1696565,1696592,1696607,1696755,1696881,1697013,1697015,1697051,1697323,1697339,1697370,1697389,1697446,1697543,1697634,1697855,1698023,1698103,1
> 698107,1698116,1698133,1698330,1698334,1700271,1700275,1700317-1700322,1700326,1700328,1700330-1700332,1700334,1700336,1700338,1700418,1700514,1700777,1700851,1700917,1700925,1700968,1701005,1701145,1701178,1701204,1701347,1701436,1701545,1701717,1702643,1702919,1702948,1703152,1703241,1703248,1703417,1703642,1703807,1703813,1703822,1703871,1703902,1703952,1704099,1704241,1704262,1704797,1704799,1704826,1705099,1705134,1705194,1705217,1705257,1705749,1705776,1705823,1705826,1705828,1705833,1705922,1705983,1706275,1706523,1706595,1706627,1706635,1706637,1706640,1706918,1706942,1706989,1707002,1707230-1707231,1707497,1707512,1707519,1707591,1707626-1707627,1707640,1707831,1707883,1707889,1708107,1709008,1709587,1709596,1709602,1709995,1710095,1710105,1710231,1710380,1710391,1710403,1710419,1710572,1710583,1710723,1711479,1711553,1711648,1711728,1711902,1712382,1713040,1713043,1713209,1713937,1715023,1715255,1715273,1715567-1715568,1715570-1715572,1715576,1715581-1715585,1715886,171621
> 1,1716388,1716460,1716487,1716660,1716940,1717063,1717086,1717639,1717816,1717934,1717958,1717975,1717985,1718314,1718338,1718400,1718476,1718496,1718514,1718556,1718569,1718598,1719016,1719018,1719189-1719190,1719252,1719254-1719255,1719257,1719967,1720129,1720996,1721313,1721685,1721899,1722137,1722154,1722177,1722195,1722229,1722320,1722328,1722334,1722350-1722351,1722358,1722377,1722572,1722701,1723122,1723143,1723284,1723295,1723522,1723567,1723953,1724847,1724857,1724879,1724992-1724993,1724995,1725018,1725031,1725090,1725120,1725149,1725325,1725328,1725387,1725392,1725394-1725395,1725445,1725468,1725485,1725489,1725498-1725499,1725516,1725523,1725545,1725567,1725581,1725602,1725822,1725940,1725967,1726009,1726026,1726038,1726049,1726051-1726052,1726055,1726086,1726167,1726233,1726675,1726705,1726798,1726881,1726888,1727071,1727111,1727317,1727544,1727573,1727603,1727842,1728326,1728804,1729208,1729235,1729374,1729376,1729826,1729847,1729929-1729931,1729960,1730079,1730297,173
> 0640,1730723,1730865,1731929,1732228,1732252,1732353,1732369,1732716,1732954,1732986,1733056,1733064,1733068,1733088-1733089,1733275,1733523,1733537-1733538,1733691,1734006,1734125,1734239,1734294,1734412,1734561,1734635,1734807,1734817,1734947,1734955,1734989,1735088,1735159,1735337,1735608-1735609,1735611,1735668,1735786,1735891,1735906,1735931,1735935,1735942,1735952,1736156,1736186,1736243,1736250,1736463,1736681,1736686,1737006,1737014,1737020-1737021,1737102,1737114,1737125,1737254,1737256,1737265,1737447,1737449,1737451,1737476,1738217,1738331,1738333,1738464,1738466,1738486,1738563,1738628,1738631,1738633,1738635,1739008,1739146,1739151,1739193,1739201,1739303,1739312,1739738,1739932,1740075,1740084,1740108,1740110,1740155,1740735,1740910,1740928,1740960,1740967,1740987,1740998,1741045,1741065,1741112,1741115,1741268,1741277,1741310,1741392,1741414,1741446,1741461,1741557,1741564,1741570,1741596,1741621,1741648,1741934,1742005,1742135,1742260,1742359,1742444-1742447,1742460,
> 1742697,1742791-1742792,1743335,1743512,1743517,1743699,1743788,1743816,1744203-1744204,1744206,1744283,1744415,1744421,1744458-1744459,1744712,1744751,1744767,1744778,1744980,1745034,1745039,1745175,1745767,1745835,1745863-1745864,1746207,1746647,1746988,1747170,1747469,1747531,1747550,1747735,1747808,1747810,1747946,1748047,1748155,1748368,1748448,1748531,1748653,1748888,1749151,1749401-1749404,1749505,1749658-1749659,1749676,1749678,1749695,1749924-1749925,1750043,1750218,1750335,1750392,1750407,1750412,1750416,1750420,1750474,1750494,1750507-1750508,1750553,1750567,1750750,1750779,1750854-1750855,1750947,1750955,1750960,1751970,1752087,1752096,1752145,1752331-1752333,1752347,1752415,1753167,1753224,1753228-1753229,1753257,1753315-1753316,1753498,1753541,1753592,1753594,1753777,1754129,1754164,1754391,1754399,1754414,1754534,1755323,1756038,1756542,1756553,1756611,1756631,1756844,1756846,1756848,1756852-1756853,1756976,1757009-1757011,1757029-1757031,1757061,1757147,1757524,17575
> 34,1757540,1757662-1757663,1757985,1758003,1758083,1758307-1758311,1758446,1758558,1759415,1759984,1760018,1761434,1761477,1761479,1761548,1761714,1761824,1762512,1762515,1762517,1762580,1762701-1762703,1762718,1762723,1762742-1762743,1763158,1763246,1763613,1764005,1764040,1764046,1764236,1764243,1764255,1765318,1765328,1765357,1765420,1766097,1766129,1766160,1766308,1766424,1766691,1766851,1766857,1766998,1767128,1767180-1767181,1767553,1767564,1767803,1767936,1768160,1768245,1769192,1769332,1769550,1769593,1769596,1769600,1769718,1770395,1770750,1770752,1770768,1770771,1770828,1770951,1770998,1771001,1771015,1771789,1771791,1771827,1772339,1772489,1772504,1772576,1772812-1772813,1772919,1773159,1773162,1773293,1773346,1773397,1773761,1773779,1773812,1773861-1773862,1773865,1774008,1774018,1774023,1774068-1774069,1774286,1774288,1774538,1774541,1774602,1774609,1775173,1775195,1775199,1775487,1775664,1775770,1775775,1775813,1775833,1775858,1775944,1775946,1776458-1776459,1776463,17
> 76575,1776578,1776624,1776627,1776674,1776734-1776735,1776738,1776740,1776956,1777160,1777324,1777354,1777460,1777556-1777557,1777593-1777594,1777672,1777923,1778268,1778319,1778331,1778350,1778630,1779077,1779091,1779111,1779354,1779459,1779525,1779528,1779573-1779574,1779623,1779699,1779738,1779743,1779896,1779972,1779979,1780095,1780159,1780308,1780328-1780329,1780576,1780596,1780598,1780725,1780971,1781030-1781031,1781187,1781190,1781304,1781312-1781313,1781324,1781328-1781329,1781509,1781516,1781575,1781577,1781580,1781687,1781701,1782164,1782166,1782193-1782194,1782323,1782418-1782419,1782482,1782532,1782875,1782944,1782958,1782975,1783056,1783305,1783722-1783723,1783764-1783765,1783770,1783842,1783849,1784002,1784203,1784205,1784227-1784228,1784275,1784318,1784366,1784372,1784571,1785115,1785672,1785683,1785752-1785753,1785871,1785907,1785943,1786009,1786110,1786119,1786512,1786575-1786576,1786715,1787051,1787053,1787141,1787525,1787553,1787604,1788032-1788033,1788040,1788430
> ,1788451,1788508,1788672,1788674,1788981,1788996,1788998,1789000,1789220-1789221,1789224,1789276,1789279,1789387,1789395,1789520,1789535,1789692,1789740,1789800,1790102,1790113,1790169,1790284,1790457,1790691,1790754,1790826-1790827,1790842,1790850,1790852-1790853,1790855,1790860,1790973,1790978,1791377,1791388,1791400,1791669,1791773,1791790,1791975,1792092,1792195,1792212,1792589,1792675,1793525,1793533,1793932,1794049,1795635,1795651,1795830,1795834,1795931,1796343,1796348,1796350,1796446,1796493,1796864,1797550,1797745,1797844,1798785,1799341,1799435,1799437,1799784,1799786,1800126,1800173,1800306,1800393,1800594,1800689,1800788,1800809,1800815,1800817,1800819,1800830,1800833,1800917,1800919,1800978,1801143-1801144,1801148,1801456,1801594,1801665,1801994-1801995,1802040,1802305,1802309,1802336,1802535,1802618,1802845,1802875,1803392,1803396,1803398,1803420,1803454,1804090,1804096,1804530-1804531,1804542,1804545,1804671,1804759,1804787,1804975,1805099,1805163,1805180,1805188,1805
> 190,1805192,1805194-1805195,1805206,1805256,1805294,1805322,1805373,1805490,1806939,1806985,1807228,1807238,1807347,1807577,1807593,1807655,1807774,1807777,1807876,1808005,1808008,1808014,1808085,1808092,1808100,1808230,1808241-1808243,1808249,1808444,1808671,1808723,1808746,1808780,1809028,1809135,1809209,1809273,1809302-1809303,1809305,1809311,1809314,1809713,1809719,1809881,1809888,1809973,1809976,1809981,1810088-1810089,1810358,1810362-1810363,1810365,1810447,1810723,1811082,1811192,1811285,1811540-1811541,1811569-1811570,1811649,1811664,1811744,1811812,1811976,1812004,1812075,1812193,1812263,1812301,1812307,1812332,1812517-1812518,1812756,1812999,1813116,1813642-1813643,1813991,1814118,1814465,1814719-1814720,1814939,1814968,1815004-1815005,1815078,1815264,1815370,1815483,1816055,1816110,1816154,1816156,1816179,1816534,1816552,1816558,1816619,1816919,1816922,1816970,1817023,1817131,1817175,1817598,1817777,1817785,1818013,1818040,1818120,1818122,1818278-1818280,1818308,1818624,1
> 818725,1818792,1818802,1818804,1818825,1818849,1818924,1818951,1818958,1818960,1819027,1819214,1819847-1819848,1819852-1819853,1819855,1819969-1819970,1820035,1820101,1820464,1820808-1820809,1821095,1821371,1821374,1821504-1821505,1821558,1821561-1821562,1821595,1821624-1821627,1821629,1821632,1821635,1821639,1821644,1821647-1821651,1821659-1821660,1821767,1822305,1822366-1822367,1822502-1822503,1822509,1822511,1822537,1822624,1822849,1822858,1822878-1822879,1822883,1822931,1823047,1823179,1823412,1823415-1823416,1823482,1823564,1823572,1823575,1823886,1824176,1824303,1824332,1824336,1824343,1824381,1824390,1824454,1824460,1824463-1824464,1824482,1824497,1824811,1824862,1824877,1824973,1825147,1825169,1825368,1825370,1825467,1825504,1826207,1826556,1826686-1826687,1826845,1826847,1826973,1826995,1827001,1827166,1827196,1827362,1827366,1827374,1827599,1827604,1827654,1827671,1827783,1827865,1828210,1828232,1828390,1828485,1828493,1828669,1828687,1828879,1828890,1828912,1828920,182892
> 6-1828927,1829038-1829039,1829513,1829557,1829573,1829645,1829657,1830523,1830562,1830744,1830746,1830943-1830944,1831231,1831591,1831772,1831800,1832198,1832200,1832277,1832280,1832317,1832351,1832500,1832580-1832581,1832934,1832937,1832951,1832991,1833014,1833827,1833875-1833876,1834012-1834013,1834209,1834226,1834318,1834470,1835094,1835118,1835287,1836095,1836154,1836276,1836287,1836381-1836383,1836386,1836469,1836603,1837130,1837357,1837588-1837590,1837595,1838937,1839780,1840010,1840582,1840776
> +/httpd/httpd/trunk:1200475,1200478,1200482,1200491,1200496,1200513,1200550,1200556,1200580,1200605,1200612,1200614,1200639,1200646,1200656,1200667,1200679,1200699,1200702,1200955,1200957,1200961,1200963,1200968,1200975,1200977,1201032,1201042,1201111,1201194,1201198,1201202,1201443,1201450,1201460,1201956,1202236,1202453,1202456,1202886,1203400,1203491,1203632,1203714,1203859,1203980,1204630,1204968,1204990,1205061,1205075,1205379,1205885,1206291,1206472,1206587,1206850,1206940,1206978,1207719,1208753,1208835,1209053,1209085,1209417,1209432,1209461,1209601,1209603,1209618,1209623,1209741,1209754,1209766,1209776,1209797-1209798,1209811-1209812,1209814,1209908,1209910,1209913,1209916-1209917,1209947,1209952,1210067,1210080,1210120,1210124,1210130,1210148,1210219,1210221,1210252,1210284,1210336,1210378,1210725,1210892,1210951,1210954,1211351-1211352,1211364,1211490,1211495,1211528,1211663,1211680,1212872,1212883,1213338,1213380-1213381,1213391,1213399,1213567,1214003,1214005,1214015,12
> 15514,1220462,1220467,1220493,1220524,1220570,1220768,1220794,1220826,1220846,1221205,1221292,1222335,1222370,1222473,1222915,1222917,1222921,1222930,1223048,1225060,1225197-1225199,1225223,1225380,1225476,1225478,1225791,1225795-1225796,1226339,1226375,1227910,1228700,1228816,1229024,1229059,1229099,1229116,1229134,1229136,1229930,1230286,1231255,1231257,1231442,1231446,1231508,1231510,1231518,1232575,1232594,1232630,1232838,1234180,1234297,1234479,1234511,1234565,1234574,1234642-1234643,1234876,1234899,1235019,1236122,1236701,1237407,1238545,1238768,1239029-1239030,1239071,1239565,1240315,1240470,1240778,1241069,1241071,1242089,1242798,1242967,1243176,1243246,1243797,1243799,1244211,1245717,1290823,1290835,1291819-1291820,1291834,1291840,1292043,1293405,1293534-1293535,1293658,1293678,1293708,1294306,1294349,1294356,1294358,1294372,1294471,1297560,1299718,1299786,1300766,1301111,1301725,1302444,1302483,1302653,1302665,1302674,1303201,1303435,1303827,1304087,1304874-1304875,1305167
> ,1305586,1306350,1306409,1306426,1306841,1307790,1308327,1308459,1309536,1309567,1311468,1324760,1325218,1325227,1325250,1325265,1325275,1325632,1325724,1326980,1326984,1326991,1327689,1328325-1328326,1328339,1328345,1328950,1330189,1330964,1331110,1331115,1331942,1331977,1332378,1333969,1334343,1335882,1337344,1341905-1341906,1341913,1341930,1342065,1343085,1343087,1343094,1343099,1343109,1343935,1344712,1345147,1345319,1345329,1346905,1347980,1348036,1348653,1348656,1348660,1349905,1351012-1351020,1351071-1351072,1351074,1351737,1352047,1352534,1352909-1352912,1357685,1358061,1359057,1359881,1359884,1361153,1361298,1361766,1361773,1361778,1361784,1361791-1361792,1361801,1361803,1362020,1362538,1362707,1363035,1363183,1363186,1363312,1363440,1363557,1363589,1363829,1363832,1363836-1363837,1363853,1364133,1364138,1364229,1364601,1364695,1365001,1365020,1365029,1365479,1366319,1366344,1366621,1367778,1367819,1368053,1368058,1368094,1368121,1368131,1368393,1368396,1369419,1369568,1369
> 604,1369618,1369904,1369995,1369999,1370001,1370466,1370592,1370615-1370616,1370763,1371387,1371791,1371801,1371878,1371903,1373270,1373447,1373898,1373955,1374157,1374199,1374214,1374216,1374247,1374874,1374877,1374880,1375006,1375009,1375011,1375013,1375445,1375584,1376695,1376700,1378178,1383490,1384408,1384913,1386576,1386578,1386726,1386822,1386880,1386913,1387085,1387088,1387110,1387389,1387444,1387603,1387607,1387633,1387693,1387979,1388029,1388445,1388447,1388648,1388660,1388825,1388899,1389316,1389339,1389481,1389506,1389564,1389566-1389569,1390562,1390564,1391396,1391398,1391771,1392120,1392122,1392150,1392214,1392345-1392347,1392850,1393033,1393058,1393152,1393338,1393564,1394079,1395225,1395253-1395256,1395792,1396440,1397172,1397320,1397636,1397687,1397710,1397716,1398025,1398040,1398066,1398478,1398480-1398481,1398970,1399413,1399687,1399708,1400700,1401448,1402924,1403476,1403483,1403492,1404653,1405407,1405856,1405973,1406068,1406493,1406495,1406616,1406646,1406760,1
> 407004,1407006,1407085,1407088,1407248,1407381,1407459-1407460,1407528,1407853,1407965,1408093,1408402,1408958,1408961,1409170,1409437,1409726,1409800,1410681,1410954,1411862,1412278,1413732,1414094,1415008,1415023,1415075,1416121,1416150,1416278,1417197,1417440,1417529,1418524,1418556,1418648,1418655,1418703,1418721,1418752,1418761,1418765,1418769,1419084,1419719,1419726,1419755,1419781,1419796,1420120,1420124,1420149,1420184,1420644,1420685-1420686,1420975,1421288,1421323,1421851,1421912,1421953,1422135,1422549,1422594,1422712,1422855,1422937,1422943,1422980,1423353,1423933,1425360,1425771-1425772,1425775,1425777,1425874,1426850,1426975,1427546,1428184,1428280,1428916,1429228,1429559,1429561,1429564,1429582,1430575,1430814,1430869,1433001,1433613,1433682,1433861,1433988,1435178,1435811,1436058,1436401,1439083,1439106,1439114,1439404,1439623,1442309,1442320,1442326,1442412,1442759,1442865,1447993,1448171,1448453,1451478,1451484,1451633,1451830,1451849,1451905,1451921,1452128,145219
> 5,1452259,1452281,1452551,1452911,1452949,1452954,1453022,1453574,1453604,1453875-1453876,1453963,1453981,1454386,1454414-1454415,1454888,1457437,1457450,1457471,1457504,1457520-1457521,1457610,1457995,1458003-1458004,1458020,1458285,1458447,1458456,1462266,1462269,1462643,1463044-1463047,1463049,1463052,1463056,1463455,1463736,1463750,1463754,1464675,1464721,1464762,1465115-1465116,1465190,1467593,1467765,1468581,1470183,1470679,1470940,1471449,1475878,1476604,1476621,1476642,1476644-1476645,1476652,1476680,1477094,1477530,1478382,1478748,1479117,1479216,1479222,1479411,1479528,1479905,1479966,1480046,1480627,1481197,1481302,1481306,1481396-1481397,1481891,1482041,1482075,1482170,1482555,1482859,1482996,1483005,1483027,1483190,1484343,1484398,1484832,1484910,1484914,1485409,1485668,1486490,1487528,1487530,1487775,1488158,1488164,1488296,1488471,1488492,1488644,1490294,1490493,1490507,1490550,1490761,1490994,1491155,1491221,1491234,1491458,1491479,1491538,1491564,1491724,1492395,149
> 2663,1492710,1492782,1493257,1493330,1493921,1493925,1494532,1494536,1495501,1496194,1496338,1496429,1496709,1497371,1497588,1498880,1499679,1500323,1500345,1500362,1500423,1500437,1500483,1500519,1501294,1501369,1501399,1501827,1501913,1502665,1502772,1503680,1503866,1503990-1503991,1504276,1506474,1506714,1509872,1509983,1510084-1510085,1510098,1510295,1510588,1510707,1511093,1513492,1513508,1514039,1514064,1514214-1514215,1514255,1514267,1514617,1515050,1515162,1515403,1515411,1515420,1517025,1517045,1517175,1517366,1517386,1517388,1518265,1518269,1519475,1520368,1520445,1520760,1520908,1521909,1523235,1523239,1523281,1523387,1524101,1524158,1524192,1524368,1524388,1524770,1525276,1525280-1525281,1525931,1526168,1526189,1526647,1526666,1527008,1527220,1527291,1527294-1527295,1527509,1527925-1527926,1528143,1528718,1529014,1529277,1529449,1529559,1529988,1529991,1530793,1531340,1531370,1531505,1531672,1531961-1531962,1532281,1532289,1532746,1532816,1533065,1533224,1533810,1533935,
> 1534321,1534754,1534890,1534892,1534895-1534896,1534914,1536310,1537535,1537718,1538490,1540051-1540052,1541181,1541270,1541368,1542338,1542379,1542533,1542562,1542615,1543020,1543147,1543149,1543174,1544381,1544774,1544784,1544812,1544820,1545286,1545292,1545325,1545364,1545408,1545411,1546692-1546693,1546730,1546759-1546760,1546801,1546804-1546805,1546835-1546836,1546860,1547845,1550061,1550302,1550307,1551611,1551685,1551714,1551802,1552130,1552227,1553204,1553824,1554161,1554168,1554170,1554175-1554176,1554179,1554181,1554184,1554188,1554192,1554195,1554276,1554281,1554300-1554301,1554994-1554995,1555240,1555259,1555266,1555423-1555424,1555463-1555464,1555467,1555555,1555569,1555631,1556206,1556428,1556473,1556911-1556912,1556914,1556937,1557317,1557617,1558483,1559351,1559828,1560367,1560546,1560679,1560689,1560729,1560977,1560979,1561137,1561262,1561385,1561660,1561923,1562472,1563193,1563379,1563381,1563417-1563418,1563420,1564052,1564437,1564475,1564756,1564760,1565081,15657
> 11,1568404,1569615,1570288,1570598,1571369,1572092,1572198,1572543,1572561,1572611,1572630,1572655,1572663,1572668-1572671,1572896,1572905,1572911,1572967,1573224,1573229,1573626,1574151,1575400,1576233,1576741,1578760,1578762,1580568,1580928,1580935,1583005,1583007-1583008,1583027,1583175,1583191,1584098,1584417,1584430,1584434,1584572,1584653,1584658,1584665,1584703,1584878,1584884,1584896,1585054,1585072,1585090,1585157,1585435,1585609,1585824,1585918-1585919,1586745,1586827,1587036,1587040,1587053,1587255,1587594,1587607,1587639,1587654,1588054,1588065,1588213,1588330,1588427,1588519,1588527,1588704,1588806,1588851,1588853,1588868,1589413,1590437,1590509,1591143,1591320,1591322,1591328,1591390,1591394,1591401,1591472,1591508,1592032,1592037,1592500,1592511,1592514,1592529,1592615,1592632,1593745,1594625,1594643,1594648,1595305,1595321,1595426,1597182,1597349,1597352,1597533,1597639,1597642,1598107,1598946,1599012,1599535,1601076,1601184-1601185,1601274,1601291,1601559,1601624,16
> 01630,1601919,1601995,1602338,1602978,1602989,1603027,1603029,1603122,1603156,1603915,1604382,1604461,1604631,1605207,1605328,1605827,1605829,1607960,1608284,1608785,1608999,1609914,1609936,1609938,1610207,1610311,1610353,1610366,1610491,1610652,1610674,1611165,1611169,1611244,1611600,1611871,1611978,1612068,1615026,1615289,1617018,1617913,1618401,1618541,1618555,1619297,1619383,1619444,1619483,1619835,1620324,1620461,1620932,1621367,1621372,1621417,1621453,1621806,1622450,1624234,1624349,1625196,1625952,1626050,1626956,1626978,1628104,1628388,1628918-1628919,1628924,1628950,1629235,1629239,1629244,1629250,1629372,1629440-1629441,1629485,1629507-1629508,1629519,1629576-1629577,1629652,1629916,1631885,1632454,1632740,1632742,1633730-1633731,1633793,1634120,1634237,1634425,1634736,1634836,1635510,1635558,1635644-1635645,1635762,1637112,1638072-1638073,1638879,1639614,1640031,1640036,1640040,1640042,1640331,1641077,1641095,1641376,1642099,1642484,1642499,1642847,1642868,1643034,1643279
> ,1643284,1643537,1643825,1644245,1646282,1646724,1647035,1648201,1648394,1648433,1648719,1648840,1649001,1649043,1649491,1649632,1649966,1650047,1650061,1650309-1650310,1650320,1651088,1652829,1652929,1652931,1652955,1652982,1652985,1652989,1653941,1653978,1653997,1656225,1656549,1656669,1657256,1657261,1657636,1657638,1657685,1657881,1657897,1658760,1658765,1661067,1661258,1661448,1661464,1661486,1662245-1662246,1662437,1663017,1663647,1664071,1664133,1664205,1664299,1664565,1664709,1665215-1665216,1665218,1665625,1665643,1665721,1666297,1666361,1666363,1666415,1666417,1666468,1666617-1666618,1666998,1667385-1667386,1667676,1667707,1668532,1668535,1668553,1669130,1669289,1669292,1670434,1671364,1671396-1671397,1671918,1672289,1672453,1672466,1672480,1672483,1672564,1672757,1672985,1672989,1673113,1673155,1673368,1673455,1673769,1674056,1674538,1674542,1674606,1674632,1674697,1675103,1675410,1675533,1676085,1676654,1676709,1676842,1677096,1677143-1677146,1677149,1677151,1677153-1677
> 156,1677159,1677339,1677462,1677702,1677830,1677832,1677834-1677835,1678763,1679032,1679181-1679182,1679192,1679428,1679432,1679470,1679620,1679712,1680276,1680895,1680900,1680942,1681037,1681424,1681440,1681685,1681694,1681795,1682482,1682816,1682819,1682907,1682923,1682937,1682979,1682988,1683044,1683047,1683123,1683881,1683884,1684057,1684171,1684636,1684900,1685069,1685339,1685345,1685347,1685349-1685350,1685650,1685659,1685779,1686085,1686853,1686856,1687539,1687680,1687980,1688274,1688331,1688339-1688341,1688343,1688399,1688474-1688475,1688536,1688538,1688660,1689325,1689605,1689694,1689698,1690120,1690137,1690248,1691374,1691582,1691592,1691819,1691908,1692285,1692432,1692486,1692516,1693792,1693918-1693919,1693963,1694903,1694936,1694950-1694951,1695170,1695727,1695874,1695885,1695920,1696105,1696264,1696266,1696279,1696428,1696442,1696565,1696592,1696607,1696755,1696881,1697013,1697015,1697051,1697323,1697339,1697370,1697389,1697446,1697543,1697634,1697855,1698023,1698103,1
> 698107,1698116,1698133,1698330,1698334,1700271,1700275,1700317-1700322,1700326,1700328,1700330-1700332,1700334,1700336,1700338,1700418,1700514,1700777,1700851,1700917,1700925,1700968,1701005,1701145,1701178,1701204,1701347,1701436,1701545,1701717,1702643,1702919,1702948,1703152,1703241,1703248,1703417,1703642,1703807,1703813,1703822,1703871,1703902,1703952,1704099,1704241,1704262,1704797,1704799,1704826,1705099,1705134,1705194,1705217,1705257,1705749,1705776,1705823,1705826,1705828,1705833,1705922,1705983,1706275,1706523,1706595,1706627,1706635,1706637,1706640,1706918,1706942,1706989,1707002,1707230-1707231,1707497,1707512,1707519,1707591,1707626-1707627,1707640,1707831,1707883,1707889,1708107,1709008,1709587,1709596,1709602,1709995,1710095,1710105,1710231,1710380,1710391,1710403,1710419,1710572,1710583,1710723,1711479,1711553,1711648,1711728,1711902,1712382,1713040,1713043,1713209,1713937,1715023,1715255,1715273,1715567-1715568,1715570-1715572,1715576,1715581-1715585,1715886,171621
> 1,1716388,1716460,1716487,1716660,1716940,1717063,1717086,1717639,1717816,1717934,1717958,1717975,1717985,1718314,1718338,1718400,1718476,1718496,1718514,1718556,1718569,1718598,1719016,1719018,1719189-1719190,1719252,1719254-1719255,1719257,1719967,1720129,1720996,1721313,1721685,1721899,1722137,1722154,1722177,1722195,1722229,1722320,1722328,1722334,1722350-1722351,1722358,1722377,1722572,1722701,1723122,1723143,1723284,1723295,1723522,1723567,1723953,1724847,1724857,1724879,1724992-1724993,1724995,1725018,1725031,1725090,1725120,1725149,1725325,1725328,1725387,1725392,1725394-1725395,1725445,1725468,1725485,1725489,1725498-1725499,1725516,1725523,1725545,1725567,1725581,1725602,1725822,1725940,1725967,1726009,1726026,1726038,1726049,1726051-1726052,1726055,1726086,1726167,1726233,1726675,1726705,1726798,1726881,1726888,1727071,1727111,1727317,1727544,1727573,1727603,1727842,1728326,1728804,1729208,1729235,1729374,1729376,1729826,1729847,1729929-1729931,1729960,1730079,1730297,173
> 0640,1730723,1730865,1731929,1732228,1732252,1732353,1732369,1732716,1732954,1732986,1733056,1733064,1733068,1733088-1733089,1733275,1733523,1733537-1733538,1733691,1734006,1734125,1734239,1734294,1734412,1734561,1734635,1734807,1734817,1734947,1734955,1734989,1735088,1735159,1735337,1735608-1735609,1735611,1735668,1735786,1735891,1735906,1735931,1735935,1735942,1735952,1736156,1736186,1736243,1736250,1736463,1736681,1736686,1737006,1737014,1737020-1737021,1737102,1737114,1737125,1737254,1737256,1737265,1737447,1737449,1737451,1737476,1738217,1738331,1738333,1738464,1738466,1738486,1738563,1738628,1738631,1738633,1738635,1739008,1739146,1739151,1739193,1739201,1739303,1739312,1739738,1739932,1740075,1740084,1740108,1740110,1740155,1740735,1740910,1740928,1740960,1740967,1740987,1740998,1741045,1741065,1741112,1741115,1741268,1741277,1741310,1741392,1741414,1741446,1741461,1741557,1741564,1741570,1741596,1741621,1741648,1741934,1742005,1742135,1742260,1742359,1742444-1742447,1742460,
> 1742697,1742791-1742792,1743335,1743512,1743517,1743699,1743788,1743816,1744203-1744204,1744206,1744283,1744415,1744421,1744458-1744459,1744712,1744751,1744767,1744778,1744980,1745034,1745039,1745175,1745767,1745835,1745863-1745864,1746207,1746647,1746988,1747170,1747469,1747531,1747550,1747735,1747808,1747810,1747946,1748047,1748155,1748368,1748448,1748531,1748653,1748888,1749151,1749401-1749404,1749505,1749658-1749659,1749676,1749678,1749695,1749924-1749925,1750043,1750218,1750335,1750392,1750407,1750412,1750416,1750420,1750474,1750494,1750507-1750508,1750553,1750567,1750750,1750779,1750854-1750855,1750947,1750955,1750960,1751970,1752087,1752096,1752145,1752331-1752333,1752347,1752415,1753167,1753224,1753228-1753229,1753257,1753315-1753316,1753498,1753541,1753592,1753594,1753777,1754129,1754164,1754391,1754399,1754414,1754534,1755323,1756038,1756542,1756553,1756611,1756631,1756844,1756846,1756848,1756852-1756853,1756976,1757009-1757011,1757029-1757031,1757061,1757147,1757524,17575
> 34,1757540,1757662-1757663,1757985,1758003,1758083,1758307-1758311,1758446,1758558,1759415,1759984,1760018,1761434,1761477,1761479,1761548,1761714,1761824,1762512,1762515,1762517,1762580,1762701-1762703,1762718,1762723,1762742-1762743,1763158,1763246,1763613,1764005,1764040,1764046,1764236,1764243,1764255,1765318,1765328,1765357,1765420,1766097,1766129,1766160,1766308,1766424,1766691,1766851,1766857,1766998,1767128,1767180-1767181,1767553,1767564,1767803,1767936,1768160,1768245,1769192,1769332,1769550,1769593,1769596,1769600,1769718,1770395,1770750,1770752,1770768,1770771,1770828,1770951,1770998,1771001,1771015,1771789,1771791,1771827,1772339,1772489,1772504,1772576,1772812-1772813,1772919,1773159,1773162,1773293,1773346,1773397,1773761,1773779,1773812,1773861-1773862,1773865,1774008,1774018,1774023,1774068-1774069,1774286,1774288,1774538,1774541,1774602,1774609,1775173,1775195,1775199,1775487,1775664,1775770,1775775,1775813,1775833,1775858,1775944,1775946,1776458-1776459,1776463,17
> 76575,1776578,1776624,1776627,1776674,1776734-1776735,1776738,1776740,1776956,1777160,1777324,1777354,1777460,1777556-1777557,1777593-1777594,1777672,1777923,1778268,1778319,1778331,1778350,1778630,1779077,1779091,1779111,1779354,1779459,1779525,1779528,1779573-1779574,1779623,1779699,1779738,1779743,1779896,1779972,1779979,1780095,1780159,1780308,1780328-1780329,1780576,1780596,1780598,1780725,1780971,1781030-1781031,1781187,1781190,1781304,1781312-1781313,1781324,1781328-1781329,1781509,1781516,1781575,1781577,1781580,1781687,1781701,1782164,1782166,1782193-1782194,1782323,1782418-1782419,1782482,1782532,1782875,1782944,1782958,1782975,1783056,1783305,1783722-1783723,1783764-1783765,1783770,1783842,1783849,1784002,1784203,1784205,1784227-1784228,1784275,1784318,1784366,1784372,1784571,1785115,1785672,1785683,1785752-1785753,1785871,1785907,1785943,1786009,1786110,1786119,1786512,1786575-1786576,1786715,1787051,1787053,1787141,1787525,1787553,1787604,1788032-1788033,1788040,1788430
> ,1788451,1788508,1788672,1788674,1788981,1788996,1788998,1789000,1789220-1789221,1789224,1789276,1789279,1789387,1789395,1789520,1789535,1789692,1789740,1789800,1790102,1790113,1790169,1790284,1790457,1790691,1790754,1790826-1790827,1790842,1790850,1790852-1790853,1790855,1790860,1790973,1790978,1791377,1791388,1791400,1791669,1791773,1791790,1791975,1792092,1792195,1792212,1792589,1792675,1793525,1793533,1793932,1794049,1795635,1795651,1795830,1795834,1795931,1796343,1796348,1796350,1796446,1796493,1796864,1797550,1797745,1797844,1798785,1799341,1799435,1799437,1799784,1799786,1800126,1800173,1800306,1800393,1800594,1800689,1800788,1800809,1800815,1800817,1800819,1800830,1800833,1800917,1800919,1800978,1801143-1801144,1801148,1801456,1801594,1801665,1801994-1801995,1802040,1802305,1802309,1802336,1802535,1802618,1802845,1802875,1803392,1803396,1803398,1803420,1803454,1804090,1804096,1804530-1804531,1804542,1804545,1804671,1804759,1804787,1804975,1805099,1805163,1805180,1805188,1805
> 190,1805192,1805194-1805195,1805206,1805256,1805294,1805322,1805373,1805490,1806939,1806985,1807228,1807238,1807347,1807577,1807593,1807655,1807774,1807777,1807876,1808005,1808008,1808014,1808085,1808092,1808100,1808230,1808241-1808243,1808249,1808444,1808671,1808723,1808746,1808780,1809028,1809135,1809209,1809273,1809302-1809303,1809305,1809311,1809314,1809713,1809719,1809881,1809888,1809973,1809976,1809981,1810088-1810089,1810358,1810362-1810363,1810365,1810447,1810723,1811082,1811192,1811285,1811540-1811541,1811569-1811570,1811649,1811664,1811744,1811812,1811976,1812004,1812075,1812193,1812263,1812301,1812307,1812332,1812517-1812518,1812756,1812999,1813116,1813642-1813643,1813991,1814118,1814465,1814719-1814720,1814939,1814968,1815004-1815005,1815078,1815264,1815370,1815483,1816055,1816110,1816154,1816156,1816179,1816534,1816552,1816558,1816619,1816919,1816922,1816970,1817023,1817131,1817175,1817598,1817777,1817785,1818013,1818040,1818120,1818122,1818278-1818280,1818308,1818624,1
> 818725,1818792,1818802,1818804,1818825,1818849,1818924,1818951,1818958,1818960,1819027,1819214,1819847-1819848,1819852-1819853,1819855,1819969-1819970,1820035,1820101,1820464,1820808-1820809,1821095,1821371,1821374,1821504-1821505,1821558,1821561-1821562,1821595,1821624-1821627,1821629,1821632,1821635,1821639,1821644,1821647-1821651,1821659-1821660,1821767,1822305,1822366-1822367,1822502-1822503,1822509,1822511,1822537,1822624,1822849,1822858,1822878-1822879,1822883,1822931,1823047,1823179,1823412,1823415-1823416,1823482,1823564,1823572,1823575,1823886,1824176,1824303,1824332,1824336,1824343,1824381,1824390,1824454,1824460,1824463-1824464,1824482,1824497,1824811,1824862,1824877,1824973,1825147,1825169,1825368,1825370,1825467,1825504,1826207,1826556,1826686-1826687,1826845,1826847,1826973,1826995,1827001,1827166,1827196,1827362,1827366,1827374,1827599,1827604,1827654,1827671,1827783,1827865,1827912,1827924,1827992,1828210,1828222,1828232,1828390,1828485,1828493,1828669,1828687,182872
> 0,1828723,1828790-1828792,1828879,1828890,1828912,1828920,1828926-1828927,1829038-1829039,1829513,1829557,1829573,1829645,1829657,1830523,1830562,1830744,1830746,1830943-1830944,1831231,1831591,1831772,1831800,1832198,1832200,1832277,1832280,1832317,1832351,1832500,1832580-1832581,1832934,1832937,1832951,1832991,1833014,1833588-1833589,1833827,1833875-1833876,1834012-1834013,1834209,1834226,1834318,1834470,1835094,1835118,1835287,1836095,1836154,1836276,1836287,1836381-1836383,1836386,1836469,1836603,1837130,1837357,1837588-1837590,1837595,1838937,1839780,1839920,1839946,1840010,1840582,1840585,1840710,1840776,1841218
> 
> Modified: httpd/httpd/branches/2.4.x/CHANGES
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/CHANGES?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/CHANGES [utf-8] (original)
> +++ httpd/httpd/branches/2.4.x/CHANGES [utf-8] Fri Sep 21 12:14:05 2018
> @@ -1,6 +1,19 @@
>                                                          -*- coding: utf-8 -*-
> Changes with Apache 2.4.36
> 
> +  *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. 
> +     SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.
> +     Directive "SSLVerifyClient" now triggers certificate retrieval from the client.
> +     Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,
> +     as this would need to trigger the master connection thread - which we do not support
> +     right now.
> +     Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"
> +     does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and
> +     TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.
> +     Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they 
> +     can match their needs onto the TLSv1.3 protocol.
> +     [Yann Ylavic, Stefan Eissing]
> +
>   *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
>      should be accepted after the authorization scheme. \t are also tolerated.
>      [Christophe Jaillet]
> 
> Modified: httpd/httpd/branches/2.4.x/STATUS
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/STATUS?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/STATUS (original)
> +++ httpd/httpd/branches/2.4.x/STATUS Fri Sep 21 12:14:05 2018
> @@ -124,26 +124,6 @@ RELEASE SHOWSTOPPERS:
> PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
>   [ start all new proposals below, under PATCHES PROPOSED. ]
> 
> -   *) Add TLSv1.3 support to mod_ssl:
> -      trunk: http://svn.apache.org/r1839946
> -             http://svn.apache.org/r1839920
> -             http://svn.apache.org/r1833589
> -             http://svn.apache.org/r1833588
> -             http://svn.apache.org/r1828723
> -             http://svn.apache.org/r1828720
> -             http://svn.apache.org/r1828222
> -             http://svn.apache.org/r1827992
> -             http://svn.apache.org/r1827924
> -             http://svn.apache.org/r1827912
> -             http://svn.apache.org/r1828790
> -             http://svn.apache.org/r1828791
> -             http://svn.apache.org/r1828792
> -             http://svn.apache.org/r1840585
> -             http://svn.apache.org/r1840710
> -             http://svn.apache.org/r1841218
> -      2.4.x branch: svn merge ^/httpd/httpd/branches/tlsv1.3-for-2.4.x
> -      +1: icing, jorton, minfrin (tested on openssl-1.0.2j and openssl-1.1.1)
> -
> 
> 
> PATCHES PROPOSED TO BACKPORT FROM TRUNK:
> 
> Modified: httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml (original)
> +++ httpd/httpd/branches/2.4.x/docs/manual/mod/mod_ssl.xml Fri Sep 21 12:14:05 2018
> @@ -654,6 +654,11 @@ The available (case-insensitive) <em>pro
>     A revision of the TLS 1.1 protocol, as defined in
>     <a href="http://www.ietf.org/rfc/rfc5246.txt";>RFC 5246</a>.</p></li>
> 
> +<li><code>TLSv1.3</code> (when using OpenSSL 1.1.1 and later)
> +    <p>
> +    A new version of the TLS protocol, as defined in
> +    <a href="https://github.com/tlswg/tls13-spec";>RFC TBD</a>.</p></li>
> +
> <li><code>all</code>
>     <p>
>     This is a shortcut for ``<code>+SSLv3 +TLSv1</code>'' or
> @@ -674,7 +679,7 @@ SSLProtocol TLSv1
> <name>SSLCipherSuite</name>
> <description>Cipher Suite available for negotiation in SSL
> handshake</description>
> -<syntax>SSLCipherSuite <em>cipher-spec</em></syntax>
> +<syntax>SSLCipherSuite [<em>protocol</em>] <em>cipher-spec</em></syntax>
> <default>SSLCipherSuite DEFAULT (depends on OpenSSL version)</default>
> <contextlist><context>server config</context>
> <context>virtual host</context>
> @@ -686,12 +691,25 @@ handshake</description>
> <p>
> This complex directive uses a colon-separated <em>cipher-spec</em> string
> consisting of OpenSSL cipher specifications to configure the Cipher Suite the
> -client is permitted to negotiate in the SSL handshake phase. Notice that this
> -directive can be used both in per-server and per-directory context. In
> -per-server context it applies to the standard SSL handshake when a connection
> +client is permitted to negotiate in the SSL handshake phase. The optional 
> +protocol specifier can configure the Cipher Suite for a specific SSL version.
> +Possible values include "SSL" for all SSL Protocols up to and including TLSv1.2. 
> +<p>
> +Notice that this
> +directive can be used both in per-server and per-directory context. 
> +In per-server context it applies to the standard SSL handshake when a connection
> is established. In per-directory context it forces a SSL renegotiation with the
> reconfigured Cipher Suite after the HTTP request was read but before the HTTP
> -response is sent.</p>
> +response is sent. (Since renegotiation is not</p>
> +<p>
> +If the SSL library supports TLSv1.3 (OpenSSL 1.1.1 and later), the protocol 
> +specifier "TLSv1.3" can be used to configure the cipher suites for that protocol.
> +Since TLSv1.3 does not offer renegotiations, specifying ciphers for it in
> +a directory context is not allowed.</p>
> +<p>
> +For a list of TLSv1.3 cipher names, see 
> +<a href="https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_ciphersuites.html";>the OpenSSL
> +documentation</a>.</p>
> <p>
> An SSL cipher specification in <em>cipher-spec</em> is composed of 4 major
> attributes plus a few extra minor ones:</p>
> @@ -2063,7 +2081,7 @@ for additional information.
> <name>SSLProxyCipherSuite</name>
> <description>Cipher Suite available for negotiation in SSL
> proxy handshake</description>
> -<syntax>SSLProxyCipherSuite <em>cipher-spec</em></syntax>
> +<syntax>SSLProxyCipherSuite [<em>protocol</em>] <em>cipher-spec</em></syntax>
> <default>SSLProxyCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP</default>
> <contextlist><context>server config</context> <context>virtual host</context>
> <context>proxy section</context></contextlist>
> 
> Modified: httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/ssl/mod_ssl.c Fri Sep 21 12:14:05 2018
> @@ -93,9 +93,9 @@ static const command_rec ssl_config_cmds
>     SSL_CMD_SRV(FIPS, FLAG,
>                 "Enable FIPS-140 mode "
>                 "(`on', `off')")
> -    SSL_CMD_ALL(CipherSuite, TAKE1,
> -                "Colon-delimited list of permitted SSL Ciphers "
> -                "('XXX:...:XXX' - see manual)")
> +    SSL_CMD_ALL(CipherSuite, TAKE12,
> +                "Colon-delimited list of permitted SSL Ciphers, optional preceeded "
> +                "by protocol identifier ('XXX:...:XXX' - see manual)")
>     SSL_CMD_SRV(CertificateFile, TAKE1,
>                 "SSL Server Certificate file "
>                 "('/path/to/file' - PEM or DER encoded)")
> @@ -185,9 +185,9 @@ static const command_rec ssl_config_cmds
>     SSL_CMD_PXY(ProxyProtocol, RAW_ARGS,
>                "SSL Proxy: enable or disable SSL protocol flavors "
>                 "('[+-][" SSL_PROTOCOLS "] ...' - see manual)")
> -    SSL_CMD_PXY(ProxyCipherSuite, TAKE1,
> +    SSL_CMD_PXY(ProxyCipherSuite, TAKE12,
>                "SSL Proxy: colon-delimited list of permitted SSL ciphers "
> -               "('XXX:...:XXX' - see manual)")
> +               ", optionally preceeded by protocol specifier ('XXX:...:XXX' - see manual)")
>     SSL_CMD_PXY(ProxyVerify, TAKE1,
>                "SSL Proxy: whether to verify the remote certificate "
>                "('on' or 'off')")
> @@ -398,7 +398,7 @@ static int ssl_hook_pre_config(apr_pool_
>     /* We must register the library in full, to ensure our configuration
>      * code can successfully test the SSL environment.
>      */
> -#if MODSSL_USE_OPENSSL_PRE_1_1_API
> +#if MODSSL_USE_OPENSSL_PRE_1_1_API || defined(LIBRESSL_VERSION_NUMBER)
>     (void)CRYPTO_malloc_init();
> #else
>     OPENSSL_malloc_init();
> 
> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_config.c Fri Sep 21 12:14:05 2018
> @@ -136,6 +136,7 @@ static void modssl_ctx_init(modssl_ctx_t
>     mctx->auth.cipher_suite   = NULL;
>     mctx->auth.verify_depth   = UNSET;
>     mctx->auth.verify_mode    = SSL_CVERIFY_UNSET;
> +    mctx->auth.tls13_ciphers = NULL;
> 
>     mctx->ocsp_mask           = UNSET;
>     mctx->ocsp_force_default  = UNSET;
> @@ -280,6 +281,7 @@ static void modssl_ctx_cfg_merge(apr_poo
>     cfgMergeString(auth.cipher_suite);
>     cfgMergeInt(auth.verify_depth);
>     cfgMerge(auth.verify_mode, SSL_CVERIFY_UNSET);
> +    cfgMergeString(auth.tls13_ciphers);
> 
>     cfgMergeInt(ocsp_mask);
>     cfgMergeBool(ocsp_force_default);
> @@ -761,22 +763,37 @@ const char *ssl_cmd_SSLFIPS(cmd_parms *c
> 
> const char *ssl_cmd_SSLCipherSuite(cmd_parms *cmd,
>                                    void *dcfg,
> -                                   const char *arg)
> +                                   const char *arg1, const char *arg2)
> {
>     SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
>     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
> 
> -    /* always disable null and export ciphers */
> -    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
> -
> -    if (cmd->path) {
> -        dc->szCipherSuite = arg;
> +    if (arg2 == NULL) {
> +        arg2 = arg1;
> +        arg1 = "SSL";
>     }
> -    else {
> -        sc->server->auth.cipher_suite = arg;
> +    
> +    if (!strcmp("SSL", arg1)) {
> +        /* always disable null and export ciphers */
> +        arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
> +        if (cmd->path) {
> +            dc->szCipherSuite = arg2;
> +        }
> +        else {
> +            sc->server->auth.cipher_suite = arg2;
> +        }
> +        return NULL;
>     }
> -
> -    return NULL;
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    else if (!strcmp("TLSv1.3", arg1)) {
> +        if (cmd->path) {
> +            return "TLSv1.3 ciphers cannot be set inside a directory context";
> +        }
> +        sc->server->auth.tls13_ciphers = arg2;
> +        return NULL;
> +    }
> +#endif
> +    return apr_pstrcat(cmd->pool, "procotol '", arg1, "' not supported", NULL);
> }
> 
> #define SSL_FLAGS_CHECK_FILE \
> @@ -1445,6 +1462,9 @@ static const char *ssl_cmd_protocol_pars
>         else if (strcEQ(w, "TLSv1.2")) {
>             thisopt = SSL_PROTOCOL_TLSV1_2;
>         }
> +        else if (SSL_HAVE_PROTOCOL_TLSV1_3 && strcEQ(w, "TLSv1.3")) {
> +            thisopt = SSL_PROTOCOL_TLSV1_3;
> +        }
> #endif
>         else if (strcEQ(w, "all")) {
>             thisopt = SSL_PROTOCOL_ALL;
> @@ -1506,16 +1526,28 @@ const char *ssl_cmd_SSLProxyProtocol(cmd
> 
> const char *ssl_cmd_SSLProxyCipherSuite(cmd_parms *cmd,
>                                         void *dcfg,
> -                                        const char *arg)
> +                                        const char *arg1, const char *arg2)
> {
>     SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
> -
> -    /* always disable null and export ciphers */
> -    arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
> -
> -    dc->proxy->auth.cipher_suite = arg;
> -
> -    return NULL;
> +    
> +    if (arg2 == NULL) {
> +        arg2 = arg1;
> +        arg1 = "SSL";
> +    }
> +    
> +    if (!strcmp("SSL", arg1)) {
> +        /* always disable null and export ciphers */
> +        arg2 = apr_pstrcat(cmd->pool, arg2, ":!aNULL:!eNULL:!EXP", NULL);
> +        dc->proxy->auth.cipher_suite = arg2;
> +        return NULL;
> +    }
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    else if (!strcmp("TLSv1.3", arg1)) {
> +        dc->proxy->auth.tls13_ciphers = arg2;
> +        return NULL;
> +    }
> +#endif
> +    return apr_pstrcat(cmd->pool, "procotol '", arg1, "' not supported", NULL);
> }
> 
> const char *ssl_cmd_SSLProxyVerify(cmd_parms *cmd,
> 
> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_init.c Fri Sep 21 12:14:05 2018
> @@ -568,6 +568,9 @@ static apr_status_t ssl_init_ctx_protoco
> #ifdef HAVE_TLSV1_X
>                      (protocol & SSL_PROTOCOL_TLSV1_1 ? "TLSv1.1, " : ""),
>                      (protocol & SSL_PROTOCOL_TLSV1_2 ? "TLSv1.2, " : ""),
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +                     (protocol & SSL_PROTOCOL_TLSV1_3 ? "TLSv1.3, " : ""),
> +#endif
> #endif
>                      NULL);
>     cp[strlen(cp)-2] = NUL;
> @@ -600,6 +603,13 @@ static apr_status_t ssl_init_ctx_protoco
>             TLSv1_2_client_method() : /* proxy */
>             TLSv1_2_server_method();  /* server */
>     }
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    else if (protocol == SSL_PROTOCOL_TLSV1_3) {
> +        method = mctx->pkp ?
> +            TLSv1_3_client_method() : /* proxy */
> +            TLSv1_3_server_method();  /* server */
> +    }
> +#endif
> #endif
>     else { /* For multiple protocols, we need a flexible method */
>         method = mctx->pkp ?
> @@ -617,7 +627,8 @@ static apr_status_t ssl_init_ctx_protoco
> 
>     SSL_CTX_set_options(ctx, SSL_OP_ALL);
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L  || \
> +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20800000L)
>     /* always disable SSLv2, as per RFC 6176 */
>     SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);
> 
> @@ -639,10 +650,19 @@ static apr_status_t ssl_init_ctx_protoco
>     if (!(protocol & SSL_PROTOCOL_TLSV1_2)) {
>         SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_2);
>     }
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    ssl_set_ctx_protocol_option(s, ctx, SSL_OP_NO_TLSv1_3,
> +                                protocol & SSL_PROTOCOL_TLSV1_3, "TLSv1.3");
> +#endif
> #endif
> 
> #else /* #if OPENSSL_VERSION_NUMBER < 0x10100000L */
>     /* We first determine the maximum protocol version we should provide */
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    if (SSL_HAVE_PROTOCOL_TLSV1_3 && (protocol & SSL_PROTOCOL_TLSV1_3)) {
> +        prot = TLS1_3_VERSION;
> +    } else  
> +#endif
>     if (protocol & SSL_PROTOCOL_TLSV1_2) {
>         prot = TLS1_2_VERSION;
>     } else if (protocol & SSL_PROTOCOL_TLSV1_1) {
> @@ -664,6 +684,11 @@ static apr_status_t ssl_init_ctx_protoco
> 
>     /* Next we scan for the minimal protocol version we should provide,
>      * but we do not allow holes between max and min */
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    if (prot == TLS1_3_VERSION && protocol & SSL_PROTOCOL_TLSV1_2) {
> +        prot = TLS1_2_VERSION;
> +    }
> +#endif
>     if (prot == TLS1_2_VERSION && protocol & SSL_PROTOCOL_TLSV1_1) {
>         prot = TLS1_1_VERSION;
>     }
> @@ -736,6 +761,13 @@ static apr_status_t ssl_init_ctx_protoco
>         SSL_CTX_set_mode(ctx, SSL_MODE_RELEASE_BUFFERS);
> #endif
> 
> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
> +    /* For OpenSSL >=1.1.1, disable auto-retry mode so it's possible
> +     * to consume handshake records without blocking for app-data.
> +     * https://github.com/openssl/openssl/issues/7178 */
> +    SSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY);
> +#endif
> +    
>     return APR_SUCCESS;
> }
> 
> @@ -888,7 +920,15 @@ static apr_status_t ssl_init_ctx_cipher_
>         ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
>         return ssl_die(s);
>     }
> -
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    if (mctx->auth.tls13_ciphers 
> +        && !SSL_CTX_set_ciphersuites(ctx, mctx->auth.tls13_ciphers)) {
> +        ap_log_error(APLOG_MARK, APLOG_EMERG, 0, s, APLOGNO()
> +                "Unable to configure permitted TLSv1.3 ciphers");
> +        ssl_log_ssl_error(SSLLOG_MARK, APLOG_EMERG, s);
> +        return ssl_die(s);
> +    }
> +#endif
>     return APR_SUCCESS;
> }
> 
> @@ -1452,6 +1492,13 @@ static apr_status_t ssl_init_proxy_certs
>     X509_STORE_CTX *sctx;
>     X509_STORE *store = SSL_CTX_get_cert_store(mctx->ssl_ctx);
> 
> +#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
> +    /* For OpenSSL >=1.1.1, turn on client cert support which is
> +     * otherwise turned off by default (by design).
> +     * https://github.com/openssl/openssl/issues/6933 */
> +    SSL_CTX_set_post_handshake_auth(mctx->ssl_ctx, 1);
> +#endif
> +    
>     SSL_CTX_set_client_cert_cb(mctx->ssl_ctx,
>                                ssl_callback_proxy_cert);
> 
> 
> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c (original)
> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_engine_kernel.c Fri Sep 21 12:14:05 2018
> @@ -188,6 +188,12 @@ static int ssl_auth_compatible(modssl_au
>             || strcmp(a1->cipher_suite, a2->cipher_suite))) {
>         return 0;
>     }
> +    /* both have the same ca cipher suite string */
> +    if ((a1->tls13_ciphers != a2->tls13_ciphers)
> +        && (!a1->tls13_ciphers || !a2->tls13_ciphers 
> +            || strcmp(a1->tls13_ciphers, a2->tls13_ciphers))) {
> +        return 0;
> +    }
>     return 1;
> }
> 
> @@ -424,87 +430,70 @@ static void ssl_configure_env(request_re
>     }
> }
> 
> -/*
> - *  Access Handler
> - */
> -int ssl_hook_Access(request_rec *r)
> +static int ssl_check_post_client_verify(request_rec *r, SSLSrvConfigRec *sc, 
> +                                        SSLDirConfigRec *dc, SSLConnRec *sslconn,
> +                                        SSL *ssl)
> {
> -    SSLDirConfigRec *dc         = myDirConfig(r);
> -    SSLSrvConfigRec *sc         = mySrvConfig(r->server);
> -    SSLConnRec *sslconn         = myConnConfig(r->connection);
> -    SSL *ssl                    = sslconn ? sslconn->ssl : NULL;
> -    server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
> -    SSLSrvConfigRec *hssc       = handshakeserver? mySrvConfig(handshakeserver) : NULL;
> -    SSL_CTX *ctx = NULL;
> -    apr_array_header_t *requires;
> -    ssl_require_t *ssl_requires;
> -    int ok, i;
> -    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
>     X509 *cert;
> -    X509 *peercert;
> -    X509_STORE *cert_store = NULL;
> -    X509_STORE_CTX *cert_store_ctx;
> -    STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
> -    const SSL_CIPHER *cipher = NULL;
> -    int depth, verify_old, verify, n, is_slave = 0;
> -    const char *ncipher_suite;
> -
> -    /* On a slave connection, we do not expect to have an SSLConnRec, but
> -     * our master connection might have one. */
> -    if (!(sslconn && ssl) && r->connection->master) {
> -        sslconn         = myConnConfig(r->connection->master);
> -        ssl             = sslconn ? sslconn->ssl : NULL;
> -        handshakeserver = sslconn ? sslconn->server : NULL;
> -        hssc            = handshakeserver? mySrvConfig(handshakeserver) : NULL;
> -        is_slave        = 1;
> -    }
> 
> -    if (ssl) {
> -        /*
> -         * We should have handshaken here (on handshakeserver),
> -         * otherwise we are being redirected (ErrorDocument) from
> -         * a renegotiation failure below. The access is still 
> -         * forbidden in the latter case, let ap_die() handle
> -         * this recursive (same) error.
> -         */
> -        if (!SSL_is_init_finished(ssl)) {
> -            return HTTP_FORBIDDEN;
> +    /*
> +     * Remember the peer certificate's DN
> +     */
> +    if ((cert = SSL_get_peer_certificate(ssl))) {
> +        if (sslconn->client_cert) {
> +            X509_free(sslconn->client_cert);
>         }
> -        ctx = SSL_get_SSL_CTX(ssl);
> +        sslconn->client_cert = cert;
> +        sslconn->client_dn = NULL;
>     }
> -
> +    
>     /*
> -     * Support for SSLRequireSSL directive
> +     * Finally check for acceptable renegotiation results
>      */
> -    if (dc->bSSLRequired && !ssl) {
> -        if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !is_slave) {
> -            /* This vhost was configured for optional SSL, just tell the
> -             * client that we need to upgrade.
> -             */
> -            apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
> -            apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
> +    if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
> +        (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
> +        BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
> +                          (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
> +
> +        if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
> +            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
> +                          "Re-negotiation handshake failed: "
> +                          "Client verification failed");
> 
> -            return HTTP_UPGRADE_REQUIRED;
> +            return HTTP_FORBIDDEN;
>         }
> 
> -        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
> -                      "access to %s failed, reason: %s",
> -                      r->filename, "SSL connection required");
> -
> -        /* remember forbidden access for strict require option */
> -        apr_table_setn(r->notes, "ssl-access-forbidden", "1");
> +        if (do_verify) {
> +            if (cert == NULL) {
> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
> +                              "Re-negotiation handshake failed: "
> +                              "Client certificate missing");
> 
> -        return HTTP_FORBIDDEN;
> +                return HTTP_FORBIDDEN;
> +            }
> +        }
>     }
> +    return OK;
> +}
> 
> -    /*
> -     * Check to see whether SSL is in use; if it's not, then no
> -     * further access control checks are relevant.  (the test for
> -     * sc->enabled is probably strictly unnecessary)
> -     */
> -    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
> -        return DECLINED;
> -    }
> +/*
> + *  Access Handler, classic flavour, for SSL/TLS up to v1.2 
> + *  where everything can be renegotiated and no one is happy.
> + */
> +static int ssl_hook_Access_classic(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
> +                                   SSLConnRec *sslconn, SSL *ssl)
> +{
> +    server_rec *handshakeserver = sslconn ? sslconn->server : NULL;
> +    SSLSrvConfigRec *hssc       = handshakeserver? mySrvConfig(handshakeserver) : NULL;
> +    SSL_CTX *ctx = NULL;
> +    BOOL renegotiate = FALSE, renegotiate_quick = FALSE;
> +    X509 *peercert;
> +    X509_STORE *cert_store = NULL;
> +    X509_STORE_CTX *cert_store_ctx;
> +    STACK_OF(SSL_CIPHER) *cipher_list_old = NULL, *cipher_list = NULL;
> +    const SSL_CIPHER *cipher = NULL;
> +    int depth, verify_old, verify, n, rc;
> +    const char *ncipher_suite;
> 
> #ifdef HAVE_SRP
>     /*
> @@ -581,7 +570,7 @@ int ssl_hook_Access(request_rec *r)
>         }
> 
>         /* configure new state */
> -        if (is_slave) {
> +        if (r->connection->master) {
>             /* TODO: this categorically fails changed cipher suite settings
>              * on slave connections. We could do better by
>              * - create a new SSL* from our SSL_CTX and set cipher suite there,
> @@ -659,7 +648,7 @@ int ssl_hook_Access(request_rec *r)
>         }
> 
>         if (renegotiate) {
> -            if (is_slave) {
> +            if (r->connection->master) {
>                 /* The request causes renegotiation on a slave connection.
>                  * This is not allowed since we might have concurrent requests
>                  * on this connection.
> @@ -732,7 +721,7 @@ int ssl_hook_Access(request_rec *r)
>                   (verify     & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)))
>             {
>                 renegotiate = TRUE;
> -                if (is_slave) {
> +                if (r->connection->master) {
>                     /* The request causes renegotiation on a slave connection.
>                      * This is not allowed since we might have concurrent requests
>                      * on this connection.
> @@ -883,6 +872,7 @@ int ssl_hook_Access(request_rec *r)
> 
>         if (renegotiate_quick) {
>             STACK_OF(X509) *cert_stack;
> +            X509 *cert;
> 
>             /* perform just a manual re-verification of the peer */
>             ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO(02258)
> @@ -1035,43 +1025,10 @@ int ssl_hook_Access(request_rec *r)
>         }
> 
>         /*
> -         * Remember the peer certificate's DN
> -         */
> -        if ((cert = SSL_get_peer_certificate(ssl))) {
> -            if (sslconn->client_cert) {
> -                X509_free(sslconn->client_cert);
> -            }
> -            sslconn->client_cert = cert;
> -            sslconn->client_dn = NULL;
> -        }
> -
> -        /*
>          * Finally check for acceptable renegotiation results
>          */
> -        if ((dc->nVerifyClient != SSL_CVERIFY_NONE) ||
> -            (sc->server->auth.verify_mode != SSL_CVERIFY_NONE)) {
> -            BOOL do_verify = ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
> -                              (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE));
> -
> -            if (do_verify && (SSL_get_verify_result(ssl) != X509_V_OK)) {
> -                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02262)
> -                              "Re-negotiation handshake failed: "
> -                              "Client verification failed");
> -
> -                return HTTP_FORBIDDEN;
> -            }
> -
> -            if (do_verify) {
> -                if ((peercert = SSL_get_peer_certificate(ssl)) == NULL) {
> -                    ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02263)
> -                                  "Re-negotiation handshake failed: "
> -                                  "Client certificate missing");
> -
> -                    return HTTP_FORBIDDEN;
> -                }
> -
> -                X509_free(peercert);
> -            }
> +        if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
> +            return rc;
>         }
> 
>         /*
> @@ -1094,6 +1051,215 @@ int ssl_hook_Access(request_rec *r)
>         }
>     }
> 
> +    return DECLINED;
> +}
> +
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +/*
> + *  Access Handler, modern flavour, for SSL/TLS v1.3 and onward. 
> + *  Only client certificates can be requested, everything else stays.
> + */
> +static int ssl_hook_Access_modern(request_rec *r, SSLSrvConfigRec *sc, SSLDirConfigRec *dc,
> +                                  SSLConnRec *sslconn, SSL *ssl)
> +{
> +    if ((dc->nVerifyClient != SSL_CVERIFY_UNSET) ||
> +        (sc->server->auth.verify_mode != SSL_CVERIFY_UNSET)) {
> +        int vmode_inplace, vmode_needed;
> +        int change_vmode = FALSE;
> +        int old_state, n, rc;
> +
> +        vmode_inplace = SSL_get_verify_mode(ssl);
> +        vmode_needed = SSL_VERIFY_NONE;
> +
> +        if ((dc->nVerifyClient == SSL_CVERIFY_REQUIRE) ||
> +            (sc->server->auth.verify_mode == SSL_CVERIFY_REQUIRE)) {
> +            vmode_needed |= SSL_VERIFY_PEER_STRICT;
> +        }
> +
> +        if ((dc->nVerifyClient == SSL_CVERIFY_OPTIONAL) ||
> +            (dc->nVerifyClient == SSL_CVERIFY_OPTIONAL_NO_CA) ||
> +            (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL) ||
> +            (sc->server->auth.verify_mode == SSL_CVERIFY_OPTIONAL_NO_CA))
> +        {
> +            vmode_needed |= SSL_VERIFY_PEER;
> +        }
> +
> +        if (vmode_needed == SSL_VERIFY_NONE) {
> +            return DECLINED;
> +        }
> +
> +        vmode_needed |= SSL_VERIFY_CLIENT_ONCE;
> +        if (vmode_inplace != vmode_needed) {
> +            /* Need to change, if new setting is more restrictive than existing one */
> +
> +            if ((vmode_inplace == SSL_VERIFY_NONE)
> +                || (!(vmode_inplace   & SSL_VERIFY_PEER) 
> +                    && (vmode_needed  & SSL_VERIFY_PEER))
> +                || (!(vmode_inplace   & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) 
> +                    && (vmode_needed & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
> +                /* need to change the effective verify mode */
> +                change_vmode = TRUE;
> +            }
> +            else {
> +                /* FIXME: does this work with TLSv1.3? Is this more than re-inspecting
> +                 * the certificate we should already have? */
> +                /*
> +                 * override of SSLVerifyDepth
> +                 *
> +                 * The depth checks are handled by us manually inside the
> +                 * verify callback function and not by OpenSSL internally
> +                 * (and our function is aware of both the per-server and
> +                 * per-directory contexts). So we cannot ask OpenSSL about
> +                 * the currently verify depth. Instead we remember it in our
> +                 * SSLConnRec attached to the SSL* of OpenSSL.  We've to force
> +                 * the renegotiation if the reconfigured/new verify depth is
> +                 * less than the currently active/remembered verify depth
> +                 * (because this means more restriction on the certificate
> +                 * chain).
> +                 */
> +                n = (sslconn->verify_depth != UNSET)? 
> +                    sslconn->verify_depth : sc->server->auth.verify_depth;
> +                /* determine the new depth */
> +                sslconn->verify_depth = (dc->nVerifyDepth != UNSET)
> +                                        ? dc->nVerifyDepth
> +                                        : sc->server->auth.verify_depth;
> +                if (sslconn->verify_depth < n) {
> +                    change_vmode = TRUE;
> +                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, APLOGNO()
> +                                  "Reduced client verification depth will "
> +                                  "force renegotiation");
> +                }
> +            }
> +        }
> +
> +        if (change_vmode) {
> +            char peekbuf[1];
> +
> +            if (r->connection->master) {
> +                /* FIXME: modifying the SSL on a slave connection is no good.
> +                 * We would need to push this back to the master connection
> +                 * somehow.
> +                 */
> +                apr_table_setn(r->notes, "ssl-renegotiate-forbidden", "verify-client");
> +                return HTTP_FORBIDDEN;
> +            }
> +
> +            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() "verify client post handshake");
> +
> +            SSL_set_verify(ssl, vmode_needed, ssl_callback_SSLVerify);
> +
> +            if (SSL_verify_client_post_handshake(ssl) != 1) {
> +                ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10158)
> +                              "cannot perform post-handshake authentication");
> +                ssl_log_ssl_error(SSLLOG_MARK, APLOG_ERR, r->server);
> +                apr_table_setn(r->notes, "error-notes",
> +                               "Reason: Cannot perform Post-Handshake Authentication.<br />");
> +                return HTTP_FORBIDDEN;
> +            }
> +            
> +            old_state = sslconn->reneg_state;
> +            sslconn->reneg_state = RENEG_ALLOW;
> +            modssl_set_app_data2(ssl, r);
> +
> +            SSL_do_handshake(ssl);
> +            /* Need to trigger renegotiation handshake by reading.
> +             * Peeking 0 bytes actually works.
> +             * See: http://marc.info/?t=145493359200002&r=1&w=2
> +             */
> +            SSL_peek(ssl, peekbuf, 0);
> +
> +            sslconn->reneg_state = old_state;
> +            modssl_set_app_data2(ssl, NULL);
> +
> +            /*
> +             * Finally check for acceptable renegotiation results
> +             */
> +            if (OK != (rc = ssl_check_post_client_verify(r, sc, dc, sslconn, ssl))) {
> +                return rc;
> +            }
> +        }
> +    }
> +
> +    return DECLINED;
> +}
> +#endif
> +
> +int ssl_hook_Access(request_rec *r)
> +{
> +    SSLDirConfigRec *dc         = myDirConfig(r);
> +    SSLSrvConfigRec *sc         = mySrvConfig(r->server);
> +    SSLConnRec *sslconn         = myConnConfig(r->connection);
> +    SSL *ssl                    = sslconn ? sslconn->ssl : NULL;
> +    apr_array_header_t *requires;
> +    ssl_require_t *ssl_requires;
> +    int ok, i, ret;
> +
> +    /* On a slave connection, we do not expect to have an SSLConnRec, but
> +     * our master connection might have one. */
> +    if (!(sslconn && ssl) && r->connection->master) {
> +        sslconn         = myConnConfig(r->connection->master);
> +        ssl             = sslconn ? sslconn->ssl : NULL;
> +    }
> +
> +    /*
> +     * We should have handshaken here, otherwise we are being 
> +     * redirected (ErrorDocument) from a renegotiation failure below. 
> +     * The access is still forbidden in the latter case, let ap_die() handle
> +     * this recursive (same) error.
> +     */
> +    if (ssl && !SSL_is_init_finished(ssl)) {
> +        return HTTP_FORBIDDEN;
> +    }
> +
> +    /*
> +     * Support for SSLRequireSSL directive
> +     */
> +    if (dc->bSSLRequired && !ssl) {
> +        if ((sc->enabled == SSL_ENABLED_OPTIONAL) && !r->connection->master) {
> +            /* This vhost was configured for optional SSL, just tell the
> +             * client that we need to upgrade.
> +             */
> +            apr_table_setn(r->err_headers_out, "Upgrade", "TLS/1.0, HTTP/1.1");
> +            apr_table_setn(r->err_headers_out, "Connection", "Upgrade");
> +
> +            return HTTP_UPGRADE_REQUIRED;
> +        }
> +
> +        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(02219)
> +                      "access to %s failed, reason: %s",
> +                      r->filename, "SSL connection required");
> +
> +        /* remember forbidden access for strict require option */
> +        apr_table_setn(r->notes, "ssl-access-forbidden", "1");
> +
> +        return HTTP_FORBIDDEN;
> +    }
> +
> +    /*
> +     * Check to see whether SSL is in use; if it's not, then no
> +     * further access control checks are relevant.  (the test for
> +     * sc->enabled is probably strictly unnecessary)
> +     */
> +    if (sc->enabled == SSL_ENABLED_FALSE || !ssl) {
> +        return DECLINED;
> +    }
> +
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    /* TLSv1.3+ is less complicated here. Branch off into a new codeline
> +     * and avoid messing with the past. */
> +    if (SSL_version(ssl) >= TLS1_3_VERSION) {
> +        ret = ssl_hook_Access_modern(r, sc, dc, sslconn, ssl);
> +    }
> +    else
> +#endif
> +    {
> +        ret = ssl_hook_Access_classic(r, sc, dc, sslconn, ssl);
> +    }
> +
> +    if (ret != DECLINED) {
> +        return ret;
> +    }
> +
>     /* If we're trying to have the user name set from a client
>      * certificate then we need to set it here. This should be safe as
>      * the user name probably isn't important from an auth checking point
> @@ -2078,31 +2244,43 @@ void ssl_callback_Info(const SSL *ssl, i
> {
>     conn_rec *c;
>     server_rec *s;
> -    SSLConnRec *scr;
> 
>     /* Retrieve the conn_rec and the associated SSLConnRec. */
>     if ((c = (conn_rec *)SSL_get_app_data((SSL *)ssl)) == NULL) {
>         return;
>     }
> 
> -    if ((scr = myConnConfig(c)) == NULL) {
> -        return;
> -    }
> +    /* With TLS 1.3 this callback may be called multiple times on the first
> +     * negotiation, so the below logic to detect renegotiations can't work.
> +     * Fortunately renegotiations are forbidden starting with TLS 1.3, and
> +     * this is enforced by OpenSSL so there's nothing to be done here.
> +     */
> +#if SSL_HAVE_PROTOCOL_TLSV1_3
> +    if (SSL_version(ssl) < TLS1_3_VERSION)
> +#endif
> +    {
> +        SSLConnRec *sslconn;
> +
> +        if ((sslconn = myConnConfig(c)) == NULL) {
> +            return;
> +        }
> 
> -    /* If the reneg state is to reject renegotiations, check the SSL
> -     * state machine and move to ABORT if a Client Hello is being
> -     * read. */
> -    if (!scr->is_proxy &&
> -        (where & SSL_CB_HANDSHAKE_START) &&
> -        scr->reneg_state == RENEG_REJECT) {
> -            scr->reneg_state = RENEG_ABORT;
> +        /* If the reneg state is to reject renegotiations, check the SSL
> +         * state machine and move to ABORT if a Client Hello is being
> +         * read. */
> +        if (!sslconn->is_proxy &&
> +                (where & SSL_CB_HANDSHAKE_START) &&
> +                sslconn->reneg_state == RENEG_REJECT) {
> +            sslconn->reneg_state = RENEG_ABORT;
>             ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(02042)
>                           "rejecting client initiated renegotiation");
> -    }
> -    /* If the first handshake is complete, change state to reject any
> -     * subsequent client-initiated renegotiation. */
> -    else if ((where & SSL_CB_HANDSHAKE_DONE) && scr->reneg_state == RENEG_INIT) {
> -        scr->reneg_state = RENEG_REJECT;
> +        }
> +        /* If the first handshake is complete, change state to reject any
> +         * subsequent client-initiated renegotiation. */
> +        else if ((where & SSL_CB_HANDSHAKE_DONE)
> +                 && sslconn->reneg_state == RENEG_INIT) {
> +            sslconn->reneg_state = RENEG_REJECT;
> +        }
>     }
> 
>     s = mySrvFromConn(c);
> 
> Modified: httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h
> URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h?rev=1841573&r1=1841572&r2=1841573&view=diff
> ==============================================================================
> --- httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h (original)
> +++ httpd/httpd/branches/2.4.x/modules/ssl/ssl_private.h Fri Sep 21 12:14:05 2018
> @@ -132,13 +132,14 @@
>         SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, version, NULL)
> #define SSL_CTX_set_max_proto_version(ctx, version) \
>         SSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, version, NULL)
> -#endif
> -/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
> - * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
> - * we have to work around this...
> +#elif LIBRESSL_VERSION_NUMBER < 0x2070000f
> +/* LibreSSL before 2.7 declares OPENSSL_VERSION_NUMBER == 2.0 but does not
> + * include most changes from OpenSSL >= 1.1 (new functions, macros, 
> + * deprecations, ...), so we have to work around this...
>  */
> #define MODSSL_USE_OPENSSL_PRE_1_1_API (1)
> -#else
> +#endif /* LIBRESSL_VERSION_NUMBER < 0x2060000f */
> +#else /* defined(LIBRESSL_VERSION_NUMBER) */
> #define MODSSL_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
> #endif
> 
> @@ -238,7 +239,8 @@ void init_bio_methods(void);
> void free_bio_methods(void);
> #endif
> 
> -#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
> +#if OPENSSL_VERSION_NUMBER < 0x10002000L || \
> +	(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000f)
> #define X509_STORE_CTX_get0_store(x) (x->ctx)
> #endif
> 
> @@ -372,8 +374,17 @@ typedef int ssl_opt_t;
> #ifdef HAVE_TLSV1_X
> #define SSL_PROTOCOL_TLSV1_1 (1<<3)
> #define SSL_PROTOCOL_TLSV1_2 (1<<4)
> +#define SSL_PROTOCOL_TLSV1_3 (1<<5)
> +
> +#ifdef SSL_OP_NO_TLSv1_3
> +#define SSL_HAVE_PROTOCOL_TLSV1_3   (1)
> +#define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC| \
> +                            SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2|SSL_PROTOCOL_TLSV1_3)
> +#else
> +#define SSL_HAVE_PROTOCOL_TLSV1_3   (0)
> #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC| \
>                             SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
> +#endif
> #else
> #define SSL_PROTOCOL_ALL   (SSL_PROTOCOL_BASIC)
> #endif
> @@ -646,6 +657,11 @@ typedef struct {
>     /** for client or downstream server authentication */
>     int          verify_depth;
>     ssl_verify_t verify_mode;
> +
> +    /** TLSv1.3 has its separate cipher list, separate from the
> +     settings for older TLS protocol versions. Since which one takes
> +     effect is a matter of negotiation, we need separate settings */
> +    const char  *tls13_ciphers;
> } modssl_auth_ctx_t;
> 
> #ifdef HAVE_TLS_SESSION_TICKETS
> @@ -801,7 +817,7 @@ const char  *ssl_cmd_SSLPassPhraseDialog
> const char  *ssl_cmd_SSLCryptoDevice(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLRandomSeed(cmd_parms *, void *, const char *, const char *, const char *);
> const char  *ssl_cmd_SSLEngine(cmd_parms *, void *, const char *);
> -const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *);
> +const char  *ssl_cmd_SSLCipherSuite(cmd_parms *, void *, const char *, const char *);
> const char  *ssl_cmd_SSLCertificateFile(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLCertificateKeyFile(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLCertificateChainFile(cmd_parms *, void *, const char *);
> @@ -830,7 +846,7 @@ const char *ssl_cmd_SSLInsecureRenegotia
> 
> const char  *ssl_cmd_SSLProxyEngine(cmd_parms *cmd, void *dcfg, int flag);
> const char  *ssl_cmd_SSLProxyProtocol(cmd_parms *, void *, const char *);
> -const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *);
> +const char  *ssl_cmd_SSLProxyCipherSuite(cmd_parms *, void *, const char *, const char *);
> const char  *ssl_cmd_SSLProxyVerify(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLProxyVerifyDepth(cmd_parms *, void *, const char *);
> const char  *ssl_cmd_SSLProxyCACertificatePath(cmd_parms *, void *, const char *);
> 
>