From 81624a269fa3a252a72225895b4db4700b01a5b4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?G=C3=BCnter=20Obiltschnig?= <guenter.obiltschnig@appinf.com>
Date: Tue, 4 Feb 2020 10:23:55 +0100
Subject: [PATCH] #2898: poco 1.10/ NetSSL / openssl < 1.1 : default server
 usage changed (compare to 1.9.4)

---
 NetSSL_OpenSSL/src/Context.cpp | 35 +++++++++++++++++++++++++++++++---
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/NetSSL_OpenSSL/src/Context.cpp b/NetSSL_OpenSSL/src/Context.cpp
index dbfa6f37a..c17af1b27 100644
--- a/NetSSL_OpenSSL/src/Context.cpp
+++ b/NetSSL_OpenSSL/src/Context.cpp
@@ -422,20 +422,33 @@ void Context::requireMinimumProtocol(Protocols protocol)
 	{
 	case PROTO_SSLV2:
 		throw Poco::InvalidArgumentException("SSLv2 is no longer supported");
+
 	case PROTO_SSLV3:
 		disableProtocols(PROTO_SSLV2);
 		break;
+
 	case PROTO_TLSV1:
 		disableProtocols(PROTO_SSLV2 | PROTO_SSLV3);
 		break;
+
 	case PROTO_TLSV1_1:
+#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
 		disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1);
+#else
+		throw Poco::InvalidArgumentException("TLSv1.1 is not supported by the available OpenSSL library");
+#endif
 		break;
+
 	case PROTO_TLSV1_2:
+#if defined(SSL_OP_NO_TLSv1_2) && !defined(OPENSSL_NO_TLS1)
 		disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1 | PROTO_TLSV1_1);
+#else
+		throw Poco::InvalidArgumentException("TLSv1.2 is not supported by the available OpenSSL library");
+#endif
 		break;
+
 	case PROTO_TLSV1_3:
-		disableProtocols(PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1 | PROTO_TLSV1_1 | PROTO_TLSV1_2);
+		throw Poco::InvalidArgumentException("TLSv1.3 is not supported by the available OpenSSL library");
 		break;
 	}
 #endif
@@ -468,6 +481,24 @@ void Context::createSSLContext()
 		{
 		case CLIENT_USE:
 		case TLS_CLIENT_USE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			_pSSLContext = SSL_CTX_new(TLS_client_method());
+			minTLSVersion = TLS1_VERSION;
+#else
+			_pSSLContext = SSL_CTX_new(SSLv23_client_method());
+#endif
+			break;
+
+		case SERVER_USE:
+		case TLS_SERVER_USE:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+			_pSSLContext = SSL_CTX_new(TLS_server_method());
+			minTLSVersion = TLS1_VERSION;
+#else
+			_pSSLContext = SSL_CTX_new(SSLv23_server_method());
+#endif
+			break;
+
 		case TLSV1_CLIENT_USE:
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 			_pSSLContext = SSL_CTX_new(TLS_client_method());
@@ -477,8 +508,6 @@ void Context::createSSLContext()
 #endif
 			break;
 
-		case SERVER_USE:
-		case TLS_SERVER_USE:
 		case TLSV1_SERVER_USE:
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 			_pSSLContext = SSL_CTX_new(TLS_server_method());