@@ -158,6 +158,8 @@ static apr_pool_t *recv_pool = NULL;
158158static apr_array_header_t * queue = NULL ;
159159static const char * queue_path = NULL ;
160160static int ssl_validation = 0 ;
161+ static int tlsprotocol = 1 ;
162+ static curl_version_info_data * curlversion = NULL ;
161163/* static apr_time_t queue_time = 0; */
162164static void * requestline_regex = NULL ;
163165static int running = 0 ;
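Review bot: The initialiser `static int tlsprotocol = 1 ;` makes TLSv1.1 the effective protocol whenever `TLSProtocol` is absent from the configuration, while the switch added in init_configuration labels 2 as "Default is TLSv1.2". An unconfigured install therefore gets a weaker protocol than one with an out-of-range value. Initialise to the stronger value, `static int tlsprotocol = 2;`, and add a comment on the declaration listing the 0/1/2 mapping so the two defaults cannot drift apart.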
@@ -810,6 +812,26 @@ static void init_configuration(void)
810812startup_delay = atoi (s );
811813 }
812814
815+ /* TLS Protocol - TLSv1(0) TLSv1.1(1) TLSv1.2(2) (SSLv3 not supported) */
816+ s = apr_table_get (conf ,"TLSProtocol" );
817+ if (s != NULL ) {
818+ int num = atoi (s );
819+ switch (num ) {
820+ case 0 :
821+ tlsprotocol = 0 ;
822+ break ;
823+ case 1 :
824+ tlsprotocol = 1 ;
825+ break ;
826+ case 2 :
827+ tlsprotocol = 2 ;
828+ break ;
829+ default :
830+ tlsprotocol = 2 ;/* Default is TLSv1.2 */
831+ }
832+ }
833+ curlversion = curl_version_info (CURLVERSION_NOW );
834+
813835if (startup_delay > 0 ) {
814836error_log (LOG_NOTICE ,NULL ,
815837"Delaying execution for %dms." ,startup_delay );
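Review bot: `atoi (s )` on the `TLSProtocol` value maps any non-numeric string to 0, so a setting such as `TLSProtocol TLSv1.2` silently selects TLSv1.0 and `1.2` selects TLSv1.1, the weakest options rather than the commented default. Parse with `strtol`, require the whole string to be consumed and the value to lie in 0..2, and otherwise log the rejected value and fall back to TLSv1.2. The switch then reduces to a range check. init_configuration starts and ends outside this hunk.

```c
s = apr_table_get(conf, "TLSProtocol");
if (s != NULL) {
    char *end = NULL;
    long num = strtol(s, &end, 10);

    if (end == s || *end != '\0' || num < 0 || num > 2) {
        /* Reject garbage instead of letting it decay to 0 (TLSv1.0). */
        error_log(LOG_NOTICE, NULL,
                  "Invalid TLSProtocol \"%s\", using TLSv1.2.", s);
        tlsprotocol = 2;
    } else {
        tlsprotocol = (int)num;
    }
}
/* … unchanged: curl_version_info() call … */
```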
@@ -824,6 +846,8 @@ static void init_configuration(void)
824846error_log (LOG_DEBUG2 ,NULL ,"ErrorLog=%s" ,error_log_path );
825847error_log (LOG_DEBUG2 ,NULL ,"ErrorLogLevel=%d" ,error_log_level );
826848error_log (LOG_DEBUG2 ,NULL ,"StartupDelay=%d" ,startup_delay );
849+ error_log (LOG_DEBUG2 ,NULL ,"TLSProtocol=%d" ,tlsprotocol );
850+ error_log (LOG_DEBUG2 ,NULL ,"cURL version=%s" ,curlversion -> version );
827851
828852s = apr_table_get (conf ,"CheckpointInterval" );
829853if (s != NULL ) {
@@ -1182,6 +1206,8 @@ static void logc_init(void)
11821206apr_status_t rc = 0 ;
11831207const char * errptr = NULL ;
11841208int i ,erroffset ;
1209+ /* cURL major, minor and patch version */
1210+ short cmaj ,cmin ,cpat = 0 ;
11851211
11861212queue = apr_array_make (pool ,64 ,sizeof (entry_t * ));
11871213if (queue == NULL ) {
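Review bot: In `short cmaj ,cmin ,cpat = 0 ;` only `cpat` is initialised; `cmaj` and `cmin` start indeterminate. Their assignments appear to sit inside the handle-creation loop (its header is outside the visible hunks), while the later `if (cmaj <=7 && cmin < 34 )` check runs after that loop, so a zero-iteration loop would read uninitialised values. Initialise all three, `short cmaj = 0, cmin = 0, cpat = 0;`, or compute them once from `curlversion->version_num` before the loop, since the version does not change per handle.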
@@ -1246,8 +1272,31 @@ static void logc_init(void)
12461272
12471273/* Seems like CURL_SSLVERSION_TLSv1_2 is not supported on libcurl
12481274 * < v7.34.0
1275+ *
1276+ * version_num is a 24 bit number created like this:
1277+ * <8 bits major number> | <8 bits minor number> | <8 bits patch number>.
12491278 */
1250- curl_easy_setopt (curl ,CURLOPT_SSLVERSION ,CURL_SSLVERSION_TLSv1 );
1279+ switch (tlsprotocol ) {
1280+ case 0 :
1281+ curl_easy_setopt (curl ,CURLOPT_SSLVERSION ,CURL_SSLVERSION_TLSv1_0 );
1282+ break ;
1283+ case 1 :
1284+ curl_easy_setopt (curl ,CURLOPT_SSLVERSION ,CURL_SSLVERSION_TLSv1_1 );
1285+ break ;
1286+ case 2 :
1287+ curl_easy_setopt (curl ,CURLOPT_SSLVERSION ,CURL_SSLVERSION_TLSv1_2 );
1288+ break ;
1289+ default :
1290+ curl_easy_setopt (curl ,CURLOPT_SSLVERSION ,CURL_SSLVERSION_TLSv1_2 );
1291+ break ;
1292+ }
1293+ cmaj = curlversion -> version_num >>16 ;
1294+ cmin = (curlversion -> version_num & 0x00ff00 ) >>8 ;
1295+ cpat = (curlversion -> version_num & 0x0000ff );
1296+ /* If cURL version < v7.34.0, use TLS v1.x */
1297+ if (cmaj <=7 && cmin < 34 ) {
1298+ curl_easy_setopt (curl ,CURLOPT_SSLVERSION ,CURL_SSLVERSION_TLSv1 );
1299+ }
12511300
12521301curl_easy_setopt (curl ,CURLOPT_CONNECTTIMEOUT ,15 );
12531302curl_easy_setopt (curl ,CURLOPT_NOSIGNAL , TRUE);
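Review bot: The runtime fallback `if (cmaj <=7 && cmin < 34 )` does not cover the build-time case: the block comment says `CURL_SSLVERSION_TLSv1_2` is unsupported before 7.34.0, so headers that old presumably lack `CURL_SSLVERSION_TLSv1_0/_1/_2` and the switch would not compile. Guard the switch with `#if LIBCURL_VERSION_NUM >= 0x072200` as well. The test itself is easier to get right as one comparison on the packed value, `if (curlversion->version_num < 0x072200)`, made before the switch so the option is set once rather than set and then overwritten. The `curl_easy_setopt` return value is ignored on every branch, so a rejected version leaves the handle on libcurl's default with no trace; checking for `CURLE_OK` and logging would make that visible.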
@@ -1258,6 +1307,10 @@ static void logc_init(void)
12581307* (CURL * * )apr_array_push (curl_handles )= curl ;
12591308 }
12601309
1310+ if (cmaj <=7 && cmin < 34 ) {
1311+ error_log (LOG_DEBUG2 ,NULL ,"TLSv1.2 is unsupported in cURL %d.%d.%d" ,cmaj ,cmin ,cpat );
1312+ }
1313+
12611314logline_regex = pcre_compile (logline_pattern ,PCRE_CASELESS ,
12621315& errptr ,& erroffset ,NULL );
12631316if (logline_regex == NULL ) {
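Review bot: The message "TLSv1.2 is unsupported in cURL %d.%d.%d" is emitted only at `LOG_DEBUG2`, so at normal log levels an operator who configured TLSv1.2 gets no indication that the handles were switched to `CURL_SSLVERSION_TLSv1`. A silent protocol downgrade should be visible by default; use the level already used for startup notices, `error_log(LOG_NOTICE, NULL, ...)`, and state which protocol setting is actually in effect. logc_init continues outside this hunk.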