LibreSSL patch by xtraeme: - SSLv2_client_method() completely removed; SSLv2 is unsupported. - SSL_METHOD has been const'ified. --- sslscan.1.orig 2014-08-04 18:31:56.219747964 +0200 +++ sslscan.1 2014-08-04 18:32:12.762885840 +0200 @@ -34,10 +34,6 @@ ports (i.e. host:port). One target per l List only accepted ciphers (default is to listing all ciphers). .TP -.B \-\-ssl2 -.br -Only check SSLv2 ciphers. -.TP .B \-\-ssl3 .br Only check SSLv3 ciphers. --- sslscan.c.orig 2009-09-01 14:35:59.000000000 +0200 +++ sslscan.c 2014-08-04 18:38:11.405056914 +0200 @@ -91,7 +91,7 @@ struct sslCipher char *version; int bits; char description[512]; - SSL_METHOD *sslMethod; + const SSL_METHOD *sslMethod; struct sslCipher *next; }; @@ -125,7 +125,7 @@ struct sslCheckOptions // Adds Ciphers to the Cipher List structure -int populateCipherList(struct sslCheckOptions *options, SSL_METHOD *sslMethod) +int populateCipherList(struct sslCheckOptions *options, const SSL_METHOD *sslMethod) { // Variables... int returnCode = true; @@ -563,16 +563,7 @@ int testCipher(struct sslCheckOptions *o } if (options->xmlOutput != 0) fprintf(options->xmlOutput, " sslversion=\""); - if (sslCipherPointer->sslMethod == SSLv2_client_method()) - { - if (options->xmlOutput != 0) - fprintf(options->xmlOutput, "SSLv2\" bits=\""); - if (options->pout == true) - printf("SSLv2 || "); - else - printf("SSLv2 "); - } - else if (sslCipherPointer->sslMethod == SSLv3_client_method()) + if (sslCipherPointer->sslMethod == SSLv3_client_method()) { if (options->xmlOutput != 0) fprintf(options->xmlOutput, "SSLv3\" bits=\""); @@ -645,7 +636,7 @@ int testCipher(struct sslCheckOptions *o // Test for prefered ciphers -int defaultCipher(struct sslCheckOptions *options, SSL_METHOD *sslMethod) +int defaultCipher(struct sslCheckOptions *options, const SSL_METHOD *sslMethod) { // Variables... int cipherStatus; @@ -688,16 +679,7 @@ int defaultCipher(struct sslCheckOptions cipherStatus = SSL_connect(ssl); if (cipherStatus == 1) { - if (sslMethod == SSLv2_client_method()) - { - if (options->xmlOutput != 0) - fprintf(options->xmlOutput, " pout == true) - printf("|| SSLv2 || "); - else - printf(" SSLv2 "); - } - else if (sslMethod == SSLv3_client_method()) + if (sslMethod == SSLv3_client_method()) { if (options->xmlOutput != 0) fprintf(options->xmlOutput, " sslVersion) { case ssl_all: - status = defaultCipher(options, SSLv2_client_method()); - if (status != false) status = defaultCipher(options, SSLv3_client_method()); if (status != false) status = defaultCipher(options, TLSv1_client_method()); break; - case ssl_v2: - status = defaultCipher(options, SSLv2_client_method()); - break; case ssl_v3: status = defaultCipher(options, SSLv3_client_method()); break; @@ -1298,10 +1275,6 @@ int main(int argc, char *argv[]) options.starttls = true; } - // SSL v2 only... - else if (strcmp("--ssl2", argv[argLoop]) == 0) - options.sslVersion = ssl_v2; - // SSL v3 only... else if (strcmp("--ssl3", argv[argLoop]) == 0) options.sslVersion = ssl_v3; @@ -1415,13 +1388,9 @@ int main(int argc, char *argv[]) switch (options.sslVersion) { case ssl_all: - populateCipherList(&options, SSLv2_client_method()); populateCipherList(&options, SSLv3_client_method()); populateCipherList(&options, TLSv1_client_method()); break; - case ssl_v2: - populateCipherList(&options, SSLv2_client_method()); - break; case ssl_v3: populateCipherList(&options, SSLv3_client_method()); break;