Hi, If these two packages cannot transition to openssl 1.1.0 before apache2 does, I suggest that you build with openssl 1.0.2 explicitly and then downgrade the bugs and unlink them from the transition bug. I don't have much hope that apache2 will transition in time for stretch release. Cheers, Stefan