I'm new to OpenSSL configuration and am trying to determine if OpenSSL can have TLSv1 and certain insecure ciphers disabled system-wide in any way on Linux, using system-wide configuration or custom build(s) of OpenSSL?
From what I've read on the web, it sounds like this can't be done at the system level but only at the application level, as applications like Apache and Nginx are linked against a particular version of OpenSSL, which is then configured through the application's configuration itself.
So to disable TLSv1 in Apache it would be an Apache configuration change, and to disable TLSv1 in Nginx it would be an Nginx configuration change.
My question is: Can a custom version of OpenSSL be built which disables TLSv1 and particular ciphers, which is then installed system-wide and used by Apache and Nginx, as well as any applications that need OpenSSL on the system?
Even if Apache and Nginx used different versions of OpenSSL, could 2 separate, custom versions of OpenSSL be built and deployed on the system that would then be used by these applications?
I've been reviewing the OpenSSL Cookbook and OpenSSL wiki, but feel I'd like to get some advice on how to proceed.