Ferenc Wagner via RT
2014-10-15 14:03:31 UTC
Running the openssl binary configured with no-ssl2:
$ openssl version
OpenSSL 1.0.1i 6 Aug 2014
$ openssl s_client -ssl2 2>&1 | fgrep ssl2
unknown option -ssl2
-ssl2 - just use SSLv2
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
That is, -ssl2 is an unknown option, still it's documented in the usage
block after the error message. It's compiled out at
913 #ifndef OPENSSL_NO_SSL2
914 else if (strcmp(*argv,"-ssl2") == 0)
915 meth=SSLv2_client_method();
916 #endif
but similar conditions should be applied around
338 BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
as well. Same for the other protocols. It's a rather misleading
documentation bug, please consider fixing it.
$ openssl version
OpenSSL 1.0.1i 6 Aug 2014
$ openssl s_client -ssl2 2>&1 | fgrep ssl2
unknown option -ssl2
-ssl2 - just use SSLv2
-no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol
That is, -ssl2 is an unknown option, still it's documented in the usage
block after the error message. It's compiled out at
913 #ifndef OPENSSL_NO_SSL2
914 else if (strcmp(*argv,"-ssl2") == 0)
915 meth=SSLv2_client_method();
916 #endif
but similar conditions should be applied around
338 BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
as well. Same for the other protocols. It's a rather misleading
documentation bug, please consider fixing it.
--
Thanks,
Feri.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org
Thanks,
Feri.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-***@openssl.org
Automated List Manager ***@openssl.org