Hello,
I'm suffering the same problem.
In my case I can confirm that mod_php (libapache2-mod-php7.0) is in use
and is linked against openssl 1.1:
/usr/lib/apache2/modules/libphp7.0.so
linux-vdso.so.1 (0x00007fff74595000)
libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1
(0x00007fcfaf8dd000)
libresolv.so.2 => /lib/x86_64-linux-gnu/libresolv.so.2
(0x00007fcfaf6c6000)
libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fcfaf4ac000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3
(0x00007fcfaf239000)
librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fcfaf031000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fcfaed2d000)
libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fcfaeb29000)
libnsl.so.1 => /lib/x86_64-linux-gnu/libnsl.so.1
(0x00007fcfae911000)
libxml2.so.2 => /usr/lib/x86_64-linux-gnu/libxml2.so.2
(0x00007fcfae556000)
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
(0x00007fcfae2ea000)
libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
(0x00007fcfade57000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fcfadab8000)
libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0
(0x00007fcfad89b000)
/lib64/ld-linux-x86-64.so.2 (0x00007fcfb014c000)
libicui18n.so.57 => /usr/lib/x86_64-linux-gnu/libicui18n.so.57
(0x00007fcfad421000)
libicuuc.so.57 => /usr/lib/x86_64-linux-gnu/libicuuc.so.57
(0x00007fcfad079000)
libicudata.so.57 => /usr/lib/x86_64-linux-gnu/libicudata.so.57
(0x00007fcfab5fc000)
liblzma.so.5 => /lib/x86_64-linux-gnu/liblzma.so.5
(0x00007fcfab3d6000)
libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6
(0x00007fcfab054000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1
(0x00007fcfaae3d000)
Given that, I would really understand the basic problem with that?
Even without mod_auth_openidc, I see a mixture of openssl 1.0 & 1.1
which has not been a problem so far - and I can't find evidence that
there is a potential problem with that.
Do you have any reference that would give more insight on that issue?
What would be the solution of the problem?
Jörg