diff options
| author | Kurt Roeckx <kurt@roeckx.be> | 2014-11-30 15:35:22 +0100 |
|---|---|---|
| committer | Kurt Roeckx <kurt@roeckx.be> | 2014-12-04 11:55:03 +0100 |
| commit | 45f55f6a5bdcec411ef08a6f8aae41d5d3d234ad (patch) | |
| tree | 56dba3e74061df914c5d4fa2faf89e7a24c6457c /util | |
| parent | 616f71e486d693991b594439c884ec624b32c2d4 (diff) | |
Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'util')
| -rwxr-xr-x | util/bat.sh | 1 | ||||
| -rwxr-xr-x | util/mk1mf.pl | 10 | ||||
| -rwxr-xr-x | util/mkdef.pl | 6 | ||||
| -rwxr-xr-x | util/ssleay.num | 6 |
4 files changed, 6 insertions, 17 deletions
diff --git a/util/bat.sh b/util/bat.sh index 4d9a8287d0..459cd9f7e3 100755 --- a/util/bat.sh +++ b/util/bat.sh @@ -94,7 +94,6 @@ sub var_add @a=grep(!/^e_.*_c$/,@a) if $no_cast; @a=grep(!/^e_rc4$/,@a) if $no_rc4; - @a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; @a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; diff --git a/util/mk1mf.pl b/util/mk1mf.pl index 0fcadcbad8..e83ef7d37d 100755 --- a/util/mk1mf.pl +++ b/util/mk1mf.pl @@ -136,7 +136,7 @@ and [options] can be one of no-rc2 no-rc4 no-rc5 no-idea no-des - Skip this symetric cipher no-bf no-cast no-aes no-camellia no-seed no-rsa no-dsa no-dh - Skip this public key cipher - no-ssl2 no-ssl3 - Skip this version of SSL + no-ssl3 - Skip this version of SSL just-ssl - remove all non-ssl keys/digest no-asm - No x86 asm no-krb5 - No KRB5 @@ -180,9 +180,6 @@ $no_mdc2=1 if ($no_des); $no_ssl3=1 if ($no_md5 || $no_sha); $no_ssl3=1 if ($no_rsa && $no_dh); -$no_ssl2=1 if ($no_md5); -$no_ssl2=1 if ($no_rsa); - $out_def="out"; $inc_def="outinc"; $tmp_def="tmp"; @@ -296,7 +293,6 @@ $cflags.=" -DOPENSSL_NO_DSA" if $no_dsa; $cflags.=" -DOPENSSL_NO_DH" if $no_dh; $cflags.=" -DOPENSSL_NO_WHIRLPOOL" if $no_whirlpool; $cflags.=" -DOPENSSL_NO_SOCK" if $no_sock; -$cflags.=" -DOPENSSL_NO_SSL2" if $no_ssl2; $cflags.=" -DOPENSSL_NO_SSL3" if $no_ssl3; $cflags.=" -DOPENSSL_NO_TLSEXT" if $no_tlsext; $cflags.=" -DOPENSSL_NO_SRP" if $no_srp; @@ -1107,7 +1103,6 @@ sub var_add @a=grep(!/^e_camellia$/,@a) if $no_camellia; @a=grep(!/^e_seed$/,@a) if $no_seed; - #@a=grep(!/(^s2_)|(^s23_)/,@a) if $no_ssl2; #@a=grep(!/(^s3_)|(^s23_)/,@a) if $no_ssl3; @a=grep(!/(_sock$)|(_acpt$)|(_conn$)|(^pxy_)/,@a) if $no_sock; @@ -1430,7 +1425,6 @@ sub read_options "nw-nasm" => \$nw_nasm, "nw-mwasm" => \$nw_mwasm, "gaswin" => \$gaswin, - "no-ssl2" => \$no_ssl2, "no-ssl3" => \$no_ssl3, "no-ssl3-method" => 0, "no-tlsext" => \$no_tlsext, @@ -1451,7 +1445,7 @@ sub read_options "just-ssl" => [\$no_rc2, \$no_idea, \$no_des, \$no_bf, \$no_cast, \$no_md2, \$no_sha, \$no_mdc2, \$no_dsa, \$no_dh, - \$no_ssl2, \$no_err, \$no_ripemd, \$no_rc5, + \$no_err, \$no_ripemd, \$no_rc5, \$no_aes, \$no_camellia, \$no_seed, \$no_srp], "rsaref" => 0, "gcc" => \$gcc, diff --git a/util/mkdef.pl b/util/mkdef.pl index 460d56523a..651fa6acd5 100755 --- a/util/mkdef.pl +++ b/util/mkdef.pl @@ -106,8 +106,6 @@ my @known_algorithms = ( "RC2", "RC4", "RC5", "IDEA", "DES", "BF", "CMS", # CryptoAPI Engine "CAPIENG", - # SSL v2 - "SSL2", # SSL v3 method "SSL3_METHOD", # JPAKE @@ -144,7 +142,7 @@ my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5; my $no_ec; my $no_ecdsa; my $no_ecdh; my $no_engine; my $no_hw; my $no_fp_api; my $no_static_engine=1; my $no_gmp; my $no_deprecated; my $no_rfc3779; my $no_psk; my $no_tlsext; my $no_cms; my $no_capieng; -my $no_jpake; my $no_srp; my $no_ssl2; my $no_ec2m; my $no_nistp_gcc; +my $no_jpake; my $no_srp; my $no_ec2m; my $no_nistp_gcc; my $no_nextprotoneg; my $no_sctp; my $no_srtp; my $no_ssl_trace; my $no_unit_test; my $no_ssl3_method; @@ -240,7 +238,6 @@ foreach (@ARGV, split(/ /, $options)) elsif (/^no-ec2m$/) { $no_ec2m=1; } elsif (/^no-ec-nistp224-64-gcc-128$/) { $no_nistp_gcc=1; } elsif (/^no-nextprotoneg$/) { $no_nextprotoneg=1; } - elsif (/^no-ssl2$/) { $no_ssl2=1; } elsif (/^no-ssl3-method$/) { $no_ssl3_method=1; } elsif (/^no-ssl-trace$/) { $no_ssl_trace=1; } elsif (/^no-capieng$/) { $no_capieng=1; } @@ -1212,7 +1209,6 @@ sub is_valid { return 0; } if ($keyword eq "EC2M" && $no_ec2m) { return 0; } if ($keyword eq "NEXTPROTONEG" && $no_nextprotoneg) { return 0; } - if ($keyword eq "SSL2" && $no_ssl2) { return 0; } if ($keyword eq "SSL3_METHOD" && $no_ssl3_method) { return 0; } if ($keyword eq "SSL_TRACE" && $no_ssl_trace) { return 0; } if ($keyword eq "CAPIENG" && $no_capieng) { return 0; } diff --git a/util/ssleay.num b/util/ssleay.num index a289559c20..53dbe6dabb 100755 --- a/util/ssleay.num +++ b/util/ssleay.num @@ -98,9 +98,9 @@ SSLeay_add_ssl_algorithms 109 NOEXIST::FUNCTION: SSLv23_client_method 110 EXIST::FUNCTION:RSA SSLv23_method 111 EXIST::FUNCTION:RSA SSLv23_server_method 112 EXIST::FUNCTION:RSA -SSLv2_client_method 113 EXIST::FUNCTION:RSA,SSL2 -SSLv2_method 114 EXIST::FUNCTION:RSA,SSL2 -SSLv2_server_method 115 EXIST::FUNCTION:RSA,SSL2 +SSLv2_client_method 113 NOEXIST::FUNCTION: +SSLv2_method 114 NOEXIST::FUNCTION: +SSLv2_server_method 115 NOEXIST::FUNCTION: SSLv3_client_method 116 EXIST::FUNCTION:SSL3_METHOD SSLv3_method 117 EXIST::FUNCTION:SSL3_METHOD SSLv3_server_method 118 EXIST::FUNCTION:SSL3_METHOD |