Re: openssl without ssl2 switch
On Tue 25 Mar 2014 at 23:16:04 +0100, Veljko wrote:
> On 2014-Mar-25 20:37, Sven Joachim wrote:
> > On 2014-03-25 17:23 +0100, Veljko wrote:
> >
> > > I wanted to test if ssl2 is turned off on server, so I tried with this
> > > command line on my desktop:
> > >
> > > openssl s_client -connect server_ip:443 -ssl2
> > >
> > > but I'm getting
> > >
> > > "unknown option -ssl2
> > > usage: s_client args"
> > >
> > > although displayed list of supported options list -ssl2 as valid. If
> > > used with -ssl3 there is no error.
> > >
> > >
> > > What could be the problem? openssl was built without ssl2 support?
> >
> > Exactly. From the Debian changelog:
> >
> > ,----
> > | openssl (1.0.0c-2) experimental; urgency=low
> > | [...]
> > | * Drop SSL2 support (Closes: #589706)
> > |
> > | -- Kurt Roeckx <kurt@roeckx.be> Sun, 19 Dec 2010 16:24:16 +0100
> > `----
>
> As last poster on that bug number asked, they should have removed it
> from list of available options as well.
People forget things; like not doing a search with "openssl built
without ssl2 support". Bug report?
> Anyhow, what would be now apropiate way of testing if some web server
> still supports ssl2? Any other tool that can be used?
Rebuild the openssl package(s) with ssl2 support?
Reply to: