Don't prepend !aNULL etc if PROFILE= is used with SSLCipherSuite.
---- httpd-2.4.17/modules/ssl/ssl_engine_config.c.sslciphdefault
-+++ httpd-2.4.17/modules/ssl/ssl_engine_config.c
-@@ -708,8 +708,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
+--- httpd-2.4.33/modules/ssl/ssl_engine_config.c.sslciphdefault
++++ httpd-2.4.33/modules/ssl/ssl_engine_config.c
+@@ -758,8 +758,10 @@ const char *ssl_cmd_SSLCipherSuite(cmd_p
SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
if (cmd->path) {
dc->szCipherSuite = arg;
-@@ -1428,8 +1430,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
+@@ -1502,8 +1504,10 @@ const char *ssl_cmd_SSLProxyCipherSuite(
{
- SSLSrvConfigRec *sc = mySrvConfig(cmd->server);
+ SSLDirConfigRec *dc = (SSLDirConfigRec *)dcfg;
- /* always disable null and export ciphers */
- arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
+ if (strncmp(arg, "PROFILE=", 8) != 0)
+ arg = apr_pstrcat(cmd->pool, arg, ":!aNULL:!eNULL:!EXP", NULL);
- sc->proxy->auth.cipher_suite = arg;
+ dc->proxy->auth.cipher_suite = arg;