mod_ssl: when compiled against OpenSSL 1.0.1 or later, allow explicit control of TLSv1.1 and TLSv1.2 through the SSLProtocol directive, adding TLSv1.1 and TLSv1.2 support by default given 'SSLProtocol All'.
Picked up comment edit, trusting openssl compilation state and current method which openssl uses to include opensslconf.h - if this should be refined, it needs to be refined for other openssl operations as well. Any #define OPENSSL_* for httpd alone would be invalid, these are all namespace protected by openssl.org project.
mod_ssl: Add SSLProxyMachineCertificateChainFile directive uses openssl to construct a chain for each proxy cert. When a remote server requests a client certificate that is NOT the direct issuer of any available client certificate, the chain for that certificate will be used to trace it to a known CA and that client certificate will be used.