Author: jfclere Date: 2015-01-20 11:14:18 -0500 (Tue, 20 Jan 2015) New Revision: 2582 Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java Log: Fix the regression BZ 1174169 introduced by 1158847 on pre 1.0.1 openssl. Modified: branches/7.5.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java =================================================================== --- branches/7.5.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java 2015-01-07 13:33:43 UTC (rev 2581) +++ branches/7.5.x/src/main/java/org/apache/tomcat/util/net/AprEndpoint.java 2015-01-20 16:14:18 UTC (rev 2582) @@ -573,7 +573,10 @@ // SSL protocol int value = SSL.SSL_PROTOCOL_NONE; if (SSLProtocol == null || SSLProtocol.length() == 0) { - value = SSL.SSL_PROTOCOL_ALL; + if (SSL.version() < 0x1000100fL) + value |= SSL.SSL_PROTOCOL_TLSV1; + else + value |= SSL.SSL_PROTOCOL_ALL; } else { String protocols = SSLProtocol.replace(',', '+'); for (String protocol : protocols.split("\\+")) { @@ -589,7 +592,10 @@ } else if ("TLSv1.2".equalsIgnoreCase(protocol)) { value |= SSL.SSL_PROTOCOL_TLSV1_2; } else if ("all".equalsIgnoreCase(protocol)) { - value |= SSL.SSL_PROTOCOL_ALL; + if (SSL.version() < 0x1000100fL) + value = SSL.SSL_PROTOCOL_TLSV1; + else + value = SSL.SSL_PROTOCOL_ALL; } else { // Protocol not recognized, fail to start as it is safer than // continuing with the default which might enable more than the