diff --git a/httpd-2.4.33-sslmultiproxy.patch b/httpd-2.4.33-sslmultiproxy.patch
index 5879134..679f229 100644
--- a/httpd-2.4.33-sslmultiproxy.patch
+++ b/httpd-2.4.33-sslmultiproxy.patch
@@ -1,140 +1,126 @@
-From 11f3375333ca795939d90e14a761f2f288034704 Mon Sep 17 00:00:00 2001
-From: Rob Crittenden <rcritten@redhat.com>
-Date: Fri, 13 Apr 2018 11:14:57 -0400
-Subject: [PATCH] Update sslmultiproxy patch to work with 2.4.33
+From ce2d1d7d4b2bebe34cf37fdeb30d35050092c5b5 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcrit@cow.greyoak.com>
+Date: Thu, 12 Apr 2018 14:36:28 -0400
+Subject: [PATCH] httpd-2.4.18-sslmultiproxy.patch
 
 ---
- httpd-2.4.18-sslmultiproxy.patch | 85 +++++++++++++++++++++++++++-------------
- 1 file changed, 58 insertions(+), 27 deletions(-)
+ modules/ssl/mod_ssl.c         | 24 ++++++++++++++++++++++--
+ modules/ssl/ssl_engine_vars.c | 18 +++++++++++++++++-
+ 2 files changed, 39 insertions(+), 3 deletions(-)
 
-diff --git a/httpd-2.4.18-sslmultiproxy.patch b/httpd-2.4.18-sslmultiproxy.patch
-index 3f00f3f..9e311ea 100644
---- a/httpd-2.4.18-sslmultiproxy.patch
-+++ b/httpd-2.4.18-sslmultiproxy.patch
-@@ -1,53 +1,81 @@
-+From ce2d1d7d4b2bebe34cf37fdeb30d35050092c5b5 Mon Sep 17 00:00:00 2001
-+From: Rob Crittenden <rcrit@cow.greyoak.com>
-+Date: Thu, 12 Apr 2018 14:36:28 -0400
-+Subject: [PATCH] httpd-2.4.18-sslmultiproxy.patch
+diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
+index 48d64cb..42e85a3 100644
+diff -uap httpd-2.4.33/modules/ssl/mod_ssl.c.sslmultiproxy httpd-2.4.33/modules/ssl/mod_ssl.c
+--- httpd-2.4.33/modules/ssl/mod_ssl.c.sslmultiproxy
++++ httpd-2.4.33/modules/ssl/mod_ssl.c
+@@ -444,12 +444,19 @@
+     return OK;
+ }
+ 
++static APR_OPTIONAL_FN_TYPE(ssl_engine_disable) *othermod_engine_disable;
++static APR_OPTIONAL_FN_TYPE(ssl_engine_set) *othermod_engine_set;
 +
-+---
-+ modules/ssl/mod_ssl.c         | 24 ++++++++++++++++++++++--
-+ modules/ssl/ssl_engine_vars.c | 18 +++++++++++++++++-
-+ 2 files changed, 39 insertions(+), 3 deletions(-)
+ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
+                                            ap_conf_vector_t *per_dir_config)
+ {
+     SSLConnRec *sslconn = myConnConfig(c);
+     SSLSrvConfigRec *sc;
+ 
++    if (othermod_engine_disable) {
++        othermod_engine_disable(c);
++    }
 +
- diff --git a/modules/ssl/mod_ssl.c b/modules/ssl/mod_ssl.c
--index 717a694..a3ce718 100644
-+index 48d64cb..42e85a3 100644
- --- a/modules/ssl/mod_ssl.c
- +++ b/modules/ssl/mod_ssl.c
--@@ -395,6 +395,9 @@ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c)
--     return sslconn;
-+@@ -444,12 +444,19 @@ static int ssl_hook_pre_config(apr_pool_t *pconf,
-+     return OK;
-  }
-  
--+static typeof(ssl_proxy_enable) *othermod_proxy_enable;
- +static typeof(ssl_engine_disable) *othermod_engine_disable;
-++static typeof(ssl_engine_set) *othermod_engine_set;
- +
-- int ssl_proxy_enable(conn_rec *c)
-+ static SSLConnRec *ssl_init_connection_ctx(conn_rec *c,
-+                                            ap_conf_vector_t *per_dir_config)
-  {
--     SSLSrvConfigRec *sc;
--@@ -403,6 +406,12 @@ int ssl_proxy_enable(conn_rec *c)
--     sc = mySrvConfig(sslconn->server);
-- 
--     if (!sc->proxy_enabled) {
--+        if (othermod_proxy_enable) {
--+            ap_log_cerror(APLOG_MARK, APLOG_DEBUG, 0, c,
--+                          "mod_ssl proxy not configured, passing through to other module.");
--+            return othermod_proxy_enable(c);
--+        }
--+
--         ap_log_cerror(APLOG_MARK, APLOG_ERR, 0, c, APLOGNO(01961)
--                       "SSL Proxy requested for %s but not enabled "
--                       "[Hint: SSLProxyEngine]", sc->vhost_id);
--@@ -422,6 +431,10 @@ int ssl_engine_disable(conn_rec *c)
-- 
-      SSLConnRec *sslconn = myConnConfig(c);
-+     SSLSrvConfigRec *sc;
-  
- +    if (othermod_engine_disable) {
- +        othermod_engine_disable(c);
- +    }
- +
-      if (sslconn) {
--         sc = mySrvConfig(sslconn->server);
-+         return sslconn;
-      }
--@@ -621,6 +634,9 @@ static void ssl_register_hooks(apr_pool_t *p)
--     ap_hook_post_read_request(ssl_hook_ReadReq, pre_prr,NULL, APR_HOOK_MIDDLE);
-+@@ -508,6 +515,10 @@ static int ssl_engine_set(conn_rec *c,
-+ {
-+     SSLConnRec *sslconn;
-+     int status;
-++
-++    if (othermod_engine_set) {
-++        return othermod_engine_set(c, per_dir_config, proxy, enable);
-++    }
-+     
-+     if (proxy) {
-+         sslconn = ssl_init_connection_ctx(c, per_dir_config);
-+@@ -537,12 +548,18 @@ static int ssl_engine_set(conn_rec *c,
-+ 
-+ static int ssl_proxy_enable(conn_rec *c)
-+ {
-+-    return ssl_engine_set(c, NULL, 1, 1);
-++    if (othermod_engine_set)
-++        return othermod_engine_set(c, NULL, 1, 1);
-++    else
-++        return ssl_engine_set(c, NULL, 1, 1);
-+ }
-+ 
-+ static int ssl_engine_disable(conn_rec *c)
-+ {
-+-    return ssl_engine_set(c, NULL, 0, 0);
-++    if (othermod_engine_set)
-++        return othermod_engine_set(c, NULL, 0, 0);
-++    else
-++        return ssl_engine_set(c, NULL, 0, 0);
-+ }
-+ 
-+ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
-+@@ -730,6 +747,9 @@ static void ssl_register_hooks(apr_pool_t *p)
-+                       APR_HOOK_MIDDLE);
-  
-      ssl_var_register(p);
- +    
--+    othermod_proxy_enable = APR_RETRIEVE_OPTIONAL_FN(ssl_proxy_enable);
- +    othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
-++    othermod_engine_set = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set);
-  
-      APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
-      APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
- diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
--index a6b0d0d..24fd8c7 100644
-+index a28d4dd..caf7131 100644
- --- a/modules/ssl/ssl_engine_vars.c
- +++ b/modules/ssl/ssl_engine_vars.c
- @@ -54,6 +54,8 @@ static char *ssl_var_lookup_ssl_cipher(apr_pool_t *p, SSLConnRec *sslconn, char
-@@ -80,7 +108,7 @@ index a6b0d0d..24fd8c7 100644
-      APR_REGISTER_OPTIONAL_FN(ssl_is_https);
-      APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
-      APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
--@@ -272,6 +279,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
-+@@ -271,6 +278,15 @@ char *ssl_var_lookup(apr_pool_t *p, server_rec *s, conn_rec *c, request_rec *r,
-       */
-      if (result == NULL && c != NULL) {
-          SSLConnRec *sslconn = ssl_get_effective_config(c);
-@@ -96,3 +124,6 @@ index a6b0d0d..24fd8c7 100644
-          if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
-              && sslconn && sslconn->ssl)
-              result = ssl_var_lookup_ssl(p, sslconn, r, var+4);
-+-- 
-+2.14.3
+     if (sslconn) {
+         return sslconn;
+     }
+@@ -508,6 +515,10 @@
+ {
+     SSLConnRec *sslconn;
+     int status;
 +
--- 
-2.13.6
-
++    if (othermod_engine_set) {
++        return othermod_engine_set(c, per_dir_config, proxy, enable);
++    }
+     
+     if (proxy) {
+         sslconn = ssl_init_connection_ctx(c, per_dir_config);
+@@ -537,12 +548,18 @@
+ 
+ static int ssl_proxy_enable(conn_rec *c)
+ {
+-    return ssl_engine_set(c, NULL, 1, 1);
++    if (othermod_engine_set)
++        return othermod_engine_set(c, NULL, 1, 1);
++    else
++        return ssl_engine_set(c, NULL, 1, 1);
+ }
+ 
+ static int ssl_engine_disable(conn_rec *c)
+ {
+-    return ssl_engine_set(c, NULL, 0, 0);
++    if (othermod_engine_set)
++        return othermod_engine_set(c, NULL, 0, 0);
++    else
++        return ssl_engine_set(c, NULL, 0, 0);
+ }
+ 
+ int ssl_init_ssl_connection(conn_rec *c, request_rec *r)
+@@ -730,6 +747,9 @@
+                       APR_HOOK_MIDDLE);
+ 
+     ssl_var_register(p);
++    
++    othermod_engine_disable = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_disable);
++    othermod_engine_set = APR_RETRIEVE_OPTIONAL_FN(ssl_engine_set);
+ 
+     APR_REGISTER_OPTIONAL_FN(ssl_proxy_enable);
+     APR_REGISTER_OPTIONAL_FN(ssl_engine_disable);
+diff -uap httpd-2.4.33/modules/ssl/ssl_engine_vars.c.sslmultiproxy httpd-2.4.33/modules/ssl/ssl_engine_vars.c
+--- httpd-2.4.33/modules/ssl/ssl_engine_vars.c.sslmultiproxy
++++ httpd-2.4.33/modules/ssl/ssl_engine_vars.c
+@@ -54,6 +54,8 @@
+ static void  ssl_var_lookup_ssl_cipher_bits(SSL *ssl, int *usekeysize, int *algkeysize);
+ static char *ssl_var_lookup_ssl_version(apr_pool_t *p, char *var);
+ static char *ssl_var_lookup_ssl_compress_meth(SSL *ssl);
++static APR_OPTIONAL_FN_TYPE(ssl_is_https) *othermod_is_https;
++static APR_OPTIONAL_FN_TYPE(ssl_var_lookup) *othermod_var_lookup;
+ 
+ static SSLConnRec *ssl_get_effective_config(conn_rec *c)
+ {
+@@ -68,7 +70,9 @@
+ static int ssl_is_https(conn_rec *c)
+ {
+     SSLConnRec *sslconn = ssl_get_effective_config(c);
+-    return sslconn && sslconn->ssl;
++
++    return (sslconn && sslconn->ssl)
++        || (othermod_is_https && othermod_is_https(c));
+ }
+ 
+ static const char var_interface[] = "mod_ssl/" AP_SERVER_BASEREVISION;
+@@ -137,6 +141,9 @@
+ {
+     char *cp, *cp2;
+ 
++    othermod_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
++    othermod_var_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
++
+     APR_REGISTER_OPTIONAL_FN(ssl_is_https);
+     APR_REGISTER_OPTIONAL_FN(ssl_var_lookup);
+     APR_REGISTER_OPTIONAL_FN(ssl_ext_list);
+@@ -271,6 +278,15 @@
+      */
+     if (result == NULL && c != NULL) {
+         SSLConnRec *sslconn = ssl_get_effective_config(c);
++
++        if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
++            && (!sslconn || !sslconn->ssl) && othermod_var_lookup) {
++            /* For an SSL_* variable, if mod_ssl is not enabled for
++             * this connection and another SSL module is present, pass
++             * through to that module. */
++            return othermod_var_lookup(p, s, c, r, var);
++        }
++
+         if (strlen(var) > 4 && strcEQn(var, "SSL_", 4)
+             && sslconn && sslconn->ssl)
+             result = ssl_var_lookup_ssl(p, sslconn, r, var+4);