clientVerifyCrls(),
clientCA(),
dhParams(),
-- eecdhCurve(NULL),
- contextMethod()
- sslContextFlags(0),
- sslOptions(0)
++ eecdhCurve(NULL)
#endif
{
memset(&tcp_keepalive, 0, sizeof(tcp_keepalive));
}
}
- // backward compatibility hack for sslversion= configuration
- if (version > 2) {
- const char *add = NULL;
- switch (version) {
- case 3:
- add = "NO_TLSv1,NO_TLSv1_1,NO_TLSv1_2";
- break;
- case 4:
- add = "NO_SSLv3,NO_TLSv1_1,NO_TLSv1_2";
- break;
- case 5:
- add = "NO_SSLv3,NO_TLSv1,NO_TLSv1_2";
- break;
- case 6:
- add = "NO_SSLv3,NO_TLSv1,NO_TLSv1_1";
- break;
- default: // nothing
- break;
- }
- if (add) {
- SBuf tmpOpts;
- if (options) {
- tmpOpts.append(options, strlen(options));
- tmpOpts.append(",",1);
- }
- tmpOpts.append(add, strlen(add));
- xfree(options);
- options = xstrdup(tmpOpts.c_str());
- }
- version = 0; // prevent options being repeatedly appended
- }
+ secure.updateTlsVersionLimits();
- #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
- contextMethod = TLS_server_method();
- #else
- contextMethod = SSLv23_server_method();
- #endif
const char *dhParamsFile = dhfile; // backward compatibility for dhparams= configuration
safe_free(eecdhCurve); // clear any previous EECDH configuration
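Review bot: After this hunk nothing in the visible code translates `sslversion=` into protocol limits any more: the option-string assembly and the `version = 0` re-append guard are gone and only `secure.updateTlsVersionLimits();` remains at the added line, while the per-port context method selection below it is removed as well. Unless `updateTlsVersionLimits()` (not visible here) both maps the old values 3..6 onto equivalent minimum/maximum version limits and those limits are actually applied to the `SSL_CTX` that is now created with a version-flexible method, a configured `sslversion=3` would be silently ignored and SSLv3 left negotiable on builds that still support it. I would document the contract at the call site: `// sslversion= is mapped to TLS version limits here; the SSL_CTX is created with a version-flexible method, so these limits must reach the context or every library-supported protocol stays negotiable.` Since the context-method lines are deleted, also confirm the limits are not recomputed per connection in a way that re-appends options, which is what the removed `version = 0` guarded against. The enclosing function starts outside the hunk.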
Ssl::X509_NAME_STACK_Pointer clientCA; ///< CA certificates to use when verifying client certificates
Ssl::DH_Pointer dhParams; ///< DH parameters for temporary/ephemeral DH key exchanges
char *eecdhCurve; ///< Elliptic curve for ephemeral EC-based DH key exchanges
- Ssl::ContextMethod contextMethod; ///< The context method (SSL_METHOD) to use when creating certificates
- long sslContextFlags; ///< flags modifying the use of SSL
- long sslOptions; ///< SSL engine options
#endif
};
SSL_CTX *
sslCreateServerContext(AnyP::PortCfg &port)
{
- int ssl_error;
- const char *keyfile, *certfile;
- certfile = port.cert;
- keyfile = port.key;
-
ssl_initialize();
- SSL_CTX *sslContext = SSL_CTX_new(port.contextMethod);
+
- if (!keyfile)
- keyfile = certfile;
-
- if (!certfile)
- certfile = keyfile;
-
+ #if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+ SSL_CTX *sslContext = SSL_CTX_new(TLS_server_method());
+ #else
+ SSL_CTX *sslContext = SSL_CTX_new(SSLv23_server_method());
+ #endif
if (sslContext == NULL) {
- ssl_error = ERR_get_error();
+ int ssl_error = ERR_get_error();
debugs(83, DBG_CRITICAL, "ERROR: Failed to allocate SSL context: " << ERR_error_string(ssl_error, NULL));
return NULL;
}
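Review bot: The new declaration `int ssl_error = ERR_get_error();` narrows the `unsigned long` returned by `ERR_get_error()` before it is handed to `ERR_error_string()`, so on LP64 targets the logged error code can be truncated; use `const unsigned long ssl_error = ERR_get_error();` instead. The context is now created unconditionally with `TLS_server_method()` / `SSLv23_server_method()`, which accepts every protocol version the library was built with, and nothing in this hunk sets a minimum version (`SSL_CTX_set_min_proto_version()` on OpenSSL 1.1.0+, or the `SSL_OP_NO_*` options), so the version limits must be applied to `sslContext` further down or SSLv3/TLS1.0 remain negotiable. The removed `keyfile`/`certfile` fallback meant a port configured with only `cert=` also used that file as its key; if the rest of the function still loads `port.cert` and `port.key` directly, verify that fallback now lives in the port configuration parsing, otherwise such ports fail to load a private key. The body of `sslCreateServerContext` continues past the end of the hunk.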