[mod_openssl] set Ciphersuites once API available

set Ciphersuites once API is available (SSL_CTX_set_ciphersuites())
in LibreSSL.

x-ref:
  "Add support for TLS 1.3"
  https://github.com/libressl-portable/portable/issues/228

src/mod_openssl.c

@@ -3559,7 +3559,7 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
      * https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html */
     int rc = 0;
     buffer *cipherstring = NULL;
-    /*buffer *ciphersuites = NULL;*/
+    buffer *ciphersuites = NULL;
     buffer *minb = NULL;
     buffer *maxb = NULL;
     buffer *curves = NULL;
@@ -3568,10 +3568,8 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
         data_string *ds = (data_string *)s->ssl_conf_cmd->data[i];
         if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("CipherString")))
             cipherstring = &ds->value;
-      #if 0
         else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Ciphersuites")))
             ciphersuites = &ds->value;
-      #endif
         else if (buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Curves"))
               || buffer_eq_icase_slen(&ds->key, CONST_STR_LEN("Groups")))
             curves = &ds->value;
@@ -3665,6 +3663,16 @@ mod_openssl_ssl_conf_cmd (server *srv, plugin_config_socket *s)
             rc = -1;
     }
 
+    if (!buffer_string_is_empty(ciphersuites)) {
+      #if defined(LIBRESSL_VERSION_NUMBER) && defined(LIBRESSL_HAS_TLS1_3)
+        if (SSL_CTX_set_ciphersuites(s->ssl_ctx, ciphersuites->ptr) != 1) {
+            log_error(srv->errh, __FILE__, __LINE__,
+              "SSL: %s", ERR_error_string(ERR_get_error(), NULL));
+            rc = -1;
+        }
+      #endif
+    }
+
     if (!buffer_string_is_empty(cipherstring)) {
         /* Disable support for low encryption ciphers */
         buffer_append_string_len(cipherstring,