Commit 7ae4b49f authored by Joe Orton

Try to be a bit more concise in OpenSSL 1.1.1/TLSv1.3 changes,

apportion blame/credit widely.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1841920 13f79535-47bb-0310-9956-ffa450edef68
parent cef0edad
+5 −12
@@ -5,18 +5,11 @@ Changes with Apache 2.4.36
     before signals handling to avoid lifetime issues on restart or shutdown.
     PR 62658. [Yann Ylavic]

  *) mod_ssl: add experimental support for TLSv1.3 (tested with OpenSSL v1.1.1-pre9. 
     SSL(Proxy)CipherSuite now has an optional first parameter for the protocol the ciphers are for.
     Directive "SSLVerifyClient" now triggers certificate retrieval from the client.
     Verifying the client fails exactly the same for HTTP/2 connections for all SSL protocols,
     as this would need to trigger the master connection thread - which we do not support
     right now.
     Renegotiation of ciphers is intentionally ignored for TLSv1.3 connections. "SSLCipherSuite"
     does not allow to specify TLSv1.3 ciphers in a directory context (because it cannot work) and
     TLSv1.2 or lower ciphers are not relevant for 1.3, as cipher suites are completely separate.
     Sites which make use of such TLSv1.2 feature need to evaluate carefully if or how they 
     can match their needs onto the TLSv1.3 protocol.
     [Yann Ylavic, Stefan Eissing]
  *) mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3.  TLSv1.3 has
     behavioural changes compared to v1.2 and earlier; client and
     configuration changes should be expected.  SSLCipherSuite is
     enhanced for TLSv1.3 ciphers, but applies at vhost level only.
     [Stefan Eissing, Yann Ylavic, Ruediger Pluem, Joe Orton]

  *) mod_auth_basic: Be less tolerant when parsing the credencial. Only spaces
     should be accepted after the authorization scheme. \t are also tolerated.
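
Review bot: The replacement mod_ssl entry (the five lines starting "mod_ssl: Add support for OpenSSL 1.1.1 and TLSv1.3") says SSLCipherSuite "is enhanced for TLSv1.3 ciphers" without saying how, and it drops operator-visible behaviour that the removed entry documented: the optional first parameter on SSL(Proxy)CipherSuite naming the protocol the ciphers are for, that renegotiation of ciphers is intentionally ignored for TLSv1.3 connections, and that client verification triggered by SSLVerifyClient fails on HTTP/2 connections. An administrator reading "client and configuration changes should be expected" cannot tell from CHANGES which directives to revisit. Suggest keeping the entry short but naming the optional protocol parameter, mentioning SSLProxyCipherSuite alongside SSLCipherSuite, and adding one clause that cipher renegotiation is not performed for TLSv1.3. The new text also no longer carries the "experimental" qualifier or the tested OpenSSL version (v1.1.1-pre9); if the support is still considered experimental, keep that word so the entry does not overstate its maturity.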