From 45f55f6a5bdcec411ef08a6f8aae41d5d3d234ad Mon Sep 17 00:00:00 2001 
From: Kurt Roeckx Date: Sun, 30 Nov 2014 15:35:22 +0100 Subject: Remove SSLv2 support The only support for SSLv2 left is receiving a SSLv2 compatible client hello. Reviewed-by: Richard Levitte --- Configure | 7 - INSTALL.VMS | 2 +- Netware/do_tests.pl | 32 - apps/ciphers.c | 9 +- apps/s_cb.c | 68 -- apps/s_client.c | 40 +- apps/s_server.c | 15 - apps/s_time.c | 9 - crypto/err/openssl.ec | 1 - crypto/evp/c_alld.c | 1 - crypto/threads/mttest.c | 2 - demos/ssl/cli.cpp | 2 +- doc/apps/ciphers.pod | 25 +- doc/apps/s_client.pod | 18 +- doc/apps/s_server.pod | 6 +- doc/apps/s_time.pod | 10 +- doc/apps/sess_id.pod | 6 +- doc/ssl/SSL_CIPHER_get_name.pod | 4 +- doc/ssl/SSL_CONF_cmd.pod | 11 +- doc/ssl/SSL_CTX_new.pod | 31 +- doc/ssl/SSL_CTX_set_cipher_list.pod | 4 - doc/ssl/SSL_CTX_set_generate_session_id.pod | 26 +- doc/ssl/SSL_CTX_set_options.pod | 11 +- doc/ssl/SSL_get_default_timeout.pod | 2 +- doc/ssl/SSL_get_version.pod | 4 - doc/ssl/SSL_new.pod | 2 +- doc/ssl/SSL_shutdown.pod | 4 +- doc/ssl/ssl.pod | 25 +- makevms.com | 5 +- ms/test.bat | 32 - ms/testce.bat | 32 - ssl/Makefile | 122 --- ssl/s23_clnt.c | 373 ++------- ssl/s23_lib.c | 28 +- ssl/s23_meth.c | 5 - ssl/s23_srvr.c | 65 +- ssl/s2_clnt.c | 1132 -------------------------- ssl/s2_enc.c | 197 ----- ssl/s2_lib.c | 555 ------------- ssl/s2_meth.c | 84 -- ssl/s2_pkt.c | 748 ----------------- ssl/s2_srvr.c | 1154 --------------------------- ssl/s3_enc.c | 2 - ssl/s3_lib.c | 2 - ssl/ssl.h | 115 +-- ssl/ssl2.h | 198 ----- ssl/ssl_algs.c | 1 - ssl/ssl_asn1.c | 51 +- ssl/ssl_cert.c | 9 - ssl/ssl_ciph.c | 16 +- ssl/ssl_conf.c | 2 - ssl/ssl_err.c | 67 -- ssl/ssl_lib.c | 35 +- ssl/ssl_locl.h | 70 +- ssl/ssl_sess.c | 20 +- ssl/ssl_stat.c | 80 -- ssl/ssl_task.c | 5 +- ssl/ssl_txt.c | 14 +- ssl/ssltest.c | 56 +- ssl/t1_enc.c | 1 - ssl/t1_trce.c | 3 - test/Makefile | 7 +- test/testsid.pem | 46 +- test/testssl | 28 - test/testssl.com | 38 - util/bat.sh | 1 - util/mk1mf.pl | 10 +- util/mkdef.pl | 6 +- util/ssleay.num | 6 +- 69 
files changed, 229 insertions(+), 5569 deletions(-) delete mode 100644 ssl/s2_clnt.c delete mode 100644 ssl/s2_enc.c delete mode 100644 ssl/s2_lib.c delete mode 100644 ssl/s2_meth.c delete mode 100644 ssl/s2_pkt.c delete mode 100644 ssl/s2_srvr.c diff --git a/Configure b/Configure index 708594a7e5..5e9337c504 100755 --- a/Configure +++ b/Configure @@ -847,7 +847,6 @@ PROCESS_ARGS: { if ($1 eq "ssl") { - $disabled{"ssl2"} = "option(ssl)"; $disabled{"ssl3"} = "option(ssl)"; } elsif ($1 eq "tls") @@ -1062,12 +1061,6 @@ if (defined($disabled{"ec"})) $disabled{"ecdh"} = "forced"; } -# SSL 2.0 requires MD5 and RSA -if (defined($disabled{"md5"}) || defined($disabled{"rsa"})) - { - $disabled{"ssl2"} = "forced"; - } - # SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH if (defined($disabled{"md5"}) || defined($disabled{"sha"}) || (defined($disabled{"rsa"}) diff --git a/INSTALL.VMS b/INSTALL.VMS index e5d43a57ab..6a50e6f4e7 100644 --- a/INSTALL.VMS +++ b/INSTALL.VMS @@ -134,7 +134,7 @@ Currently, the logical names supported are: will not be implemented. Supported algorithms to do this with are: RSA, DSA, DH, MD2, MD4, MD5, RIPEMD, SHA, DES, MDC2, CR2, RC4, RC5, IDEA, BF, CAST, HMAC, - SSL2. So, for example, having the logical name + SSL3. So, for example, having the logical name OPENSSL_NO_RSA with the value YES means that the LIBCRYPTO.OLB library will not contain an RSA implementation. diff --git a/Netware/do_tests.pl b/Netware/do_tests.pl index ac482dbe2b..f8909a43cc 100644 --- a/Netware/do_tests.pl +++ b/Netware/do_tests.pl 
@@ -270,22 +270,6 @@ sub ssl_tests print( OUT "\n========================================================\n"); print( OUT "SSL TESTS:\n\n"); - system("ssltest -ssl2 (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2:"); - log_output("ssltest -ssl2", $outFile); - - system("$ssltest -ssl2 -server_auth (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 with server authentication:"); - log_output("$ssltest -ssl2 -server_auth", $outFile); - - system("$ssltest -ssl2 -client_auth (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 with client authentication:"); - log_output("$ssltest -ssl2 -client_auth", $outFile); - - system("$ssltest -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 with both client and server authentication:"); - log_output("$ssltest -ssl2 -server_auth -client_auth", $outFile); - system("ssltest -ssl3 (CLIB_OPT)/>$outFile"); log_desc("Testing sslv3:"); log_output("ssltest -ssl3", $outFile); 
@@ -318,26 +302,10 @@ sub ssl_tests log_desc("Testing sslv2/sslv3 with both client and server authentication:"); log_output("$ssltest -server_auth -client_auth", $outFile); - system("ssltest -bio_pair -ssl2 (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 via BIO pair:"); - log_output("ssltest -bio_pair -ssl2", $outFile); - system("ssltest -bio_pair -dhe1024dsa -v (CLIB_OPT)/>$outFile"); log_desc("Testing sslv2/sslv3 with 1024 bit DHE via BIO pair:"); log_output("ssltest -bio_pair -dhe1024dsa -v", $outFile); - system("$ssltest -bio_pair -ssl2 -server_auth (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 with server authentication via BIO pair:"); - log_output("$ssltest -bio_pair -ssl2 -server_auth", $outFile); - - system("$ssltest -bio_pair -ssl2 -client_auth (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 with client authentication via BIO pair:"); - log_output("$ssltest -bio_pair -ssl2 -client_auth", $outFile); - - system("$ssltest -bio_pair -ssl2 -server_auth -client_auth (CLIB_OPT)/>$outFile"); - log_desc("Testing sslv2 with both client and server authentication via BIO pair:"); - log_output("$ssltest -bio_pair -ssl2 -server_auth -client_auth", $outFile); - system("ssltest -bio_pair -ssl3 (CLIB_OPT)/>$outFile"); log_desc("Testing sslv3 via BIO pair:"); log_output("ssltest -bio_pair -ssl3", $outFile); diff --git a/apps/ciphers.c b/apps/ciphers.c index 85760cd42d..7de7dd3b38 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -73,7 +73,6 @@ static const char *ciphers_usage[]={ "usage: ciphers args\n", " -v - verbose mode, a textual listing of the SSL/TLS ciphers in OpenSSL\n", " -V - even more verbose\n", -" -ssl2 - SSL2 mode\n", " -ssl3 - SSL3 mode\n", " -tls1 - TLS1 mode\n", NULL 
@@ -130,10 +129,6 @@ int MAIN(int argc, char **argv) else if (strcmp(*argv,"-stdname") == 0) stdname=verbose=1; #endif -#ifndef OPENSSL_NO_SSL2 - else if (strcmp(*argv,"-ssl2") == 0) - meth=SSLv2_client_method(); -#endif #ifndef OPENSSL_NO_SSL3 else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); @@ -210,9 +205,7 @@ int MAIN(int argc, char **argv) int id2 = (int)((id >> 8) & 0xffL); int id3 = (int)(id & 0xffL); - if ((id & 0xff000000L) == 0x02000000L) - BIO_printf(STDout, " 0x%02X,0x%02X,0x%02X - ", id1, id2, id3); /* SSL2 cipher */ - else if ((id & 0xff000000L) == 0x03000000L) + if ((id & 0xff000000L) == 0x03000000L) BIO_printf(STDout, " 0x%02X,0x%02X - ", id2, id3); /* SSL3 cipher */ else BIO_printf(STDout, "0x%02X,0x%02X,0x%02X,0x%02X - ", id0, id1, id2, id3); /* whatever */ diff --git a/apps/s_cb.c b/apps/s_cb.c index 0184125447..f3892f92e6 100644 --- a/apps/s_cb.c +++ b/apps/s_cb.c @@ -621,8 +621,6 @@ static const char *ssl_version_str(int version) { switch (version) { - case SSL2_VERSION: - return "SSL 2.0"; case SSL3_VERSION: return "SSL 3.0"; case TLS1_VERSION: 
@@ -649,67 +647,6 @@ void MS_CALLBACK msg_cb(int write_p, int version, int content_type, const void * str_version = ssl_version_str(version); - if (version == SSL2_VERSION) - { - str_details1 = "???"; - - if (len > 0) - { - switch (((const unsigned char*)buf)[0]) - { - case 0: - str_details1 = ", ERROR:"; - str_details2 = " ???"; - if (len >= 3) - { - unsigned err = (((const unsigned char*)buf)[1]<<8) + ((const unsigned char*)buf)[2]; - - switch (err) - { - case 0x0001: - str_details2 = " NO-CIPHER-ERROR"; - break; - case 0x0002: - str_details2 = " NO-CERTIFICATE-ERROR"; - break; - case 0x0004: - str_details2 = " BAD-CERTIFICATE-ERROR"; - break; - case 0x0006: - str_details2 = " UNSUPPORTED-CERTIFICATE-TYPE-ERROR"; - break; - } - } - - break; - case 1: - str_details1 = ", CLIENT-HELLO"; - break; - case 2: - str_details1 = ", CLIENT-MASTER-KEY"; - break; - case 3: - str_details1 = ", CLIENT-FINISHED"; - break; - case 4: - str_details1 = ", SERVER-HELLO"; - break; - case 5: - str_details1 = ", SERVER-VERIFY"; - break; - case 6: - str_details1 = ", SERVER-FINISHED"; - break; - case 7: - str_details1 = ", REQUEST-CERTIFICATE"; - break; - case 8: - str_details1 = ", CLIENT-CERTIFICATE"; - break; - } - } - } - if (version == SSL3_VERSION || version == TLS1_VERSION || version == TLS1_1_VERSION || @@ -1829,11 +1766,6 @@ static int security_callback_debug(SSL *s, SSL_CTX *ctx, case SSL_SECOP_CURVE_CHECK: nm = "Check Curve"; break; - case SSL_SECOP_SSL2_COMPAT: - BIO_puts(sdb->out, "SSLv2 compatible"); - show_bits = 0; - nm = NULL; - break; case SSL_SECOP_VERSION: BIO_printf(sdb->out, "Version=%s", ssl_version_str(nid)); show_bits = 0; diff --git a/apps/s_client.c b/apps/s_client.c index cde7713300..1a30ef2241 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -335,7 +335,6 @@ static void sc_usage(void) BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known g N values.\n"); BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N (default %d).\n",SRP_MINIMAL_N); #endif - BIO_printf(bio_err," -ssl2 - just use SSLv2\n"); #ifndef OPENSSL_NO_SSL3_METHOD BIO_printf(bio_err," -ssl3 - just use SSLv3\n"); #endif @@ -345,9 +344,8 @@ static void sc_usage(void) BIO_printf(bio_err," -dtls1 - just use DTLSv1\n"); BIO_printf(bio_err," -fallback_scsv - send TLS_FALLBACK_SCSV\n"); BIO_printf(bio_err," -mtu - set the link layer MTU\n"); - BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 - turn off that protocol\n"); + BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3 - turn off that protocol\n"); BIO_printf(bio_err," -bugs - Switch on all SSL implementation bug workarounds\n"); - BIO_printf(bio_err," -serverpref - Use server's cipher preferences (only SSLv2)\n"); BIO_printf(bio_err," -cipher - preferred cipher to use, use the 'openssl ciphers'\n"); BIO_printf(bio_err," command to see what is available\n"); BIO_printf(bio_err," -starttls prot - use the STARTTLS command before starting TLS\n"); @@ -912,10 +910,6 @@ static char *jpake_secret = NULL; meth=TLSv1_client_method(); } #endif -#ifndef OPENSSL_NO_SSL2 - else if (strcmp(*argv,"-ssl2") == 0) - meth=SSLv2_client_method(); -#endif #ifndef OPENSSL_NO_SSL3_METHOD else if (strcmp(*argv,"-ssl3") == 0) meth=SSLv3_client_method(); @@ -2198,14 +2192,12 @@ end: static void print_stuff(BIO *bio, SSL *s, int full) { X509 *peer=NULL; - char *p; - static const char *space=" "; char buf[BUFSIZ]; STACK_OF(X509) *sk; STACK_OF(X509_NAME) *sk2; const SSL_CIPHER *c; X509_NAME *xn; - int j,i; + int i; #ifndef OPENSSL_NO_COMP const COMP_METHOD *comp, *expansion; #endif 
@@ -2267,34 +2259,6 @@ static void print_stuff(BIO *bio, SSL *s, int full) { BIO_printf(bio,"---\nNo client certificate CA names sent\n"); } - p=SSL_get_shared_ciphers(s,buf,sizeof buf); - if (p != NULL) - { - /* This works only for SSL 2. In later protocol - * versions, the client does not know what other - * ciphers (in addition to the one to be used - * in the current connection) the server supports. */ - - BIO_printf(bio,"---\nCiphers common between both SSL endpoints:\n"); - j=i=0; - while (*p) - { - if (*p == ':') - { - BIO_write(bio,space,15-j%25); - i++; - j=0; - BIO_write(bio,((i%3)?" ":"\n"),1); - } - else - { - BIO_write(bio,p,1); - j++; - } - p++; - } - BIO_write(bio,"\n",1); - } ssl_print_sigalgs(bio, s); ssl_print_tmp_key(bio, s); diff --git a/apps/s_server.c b/apps/s_server.c index d7d3ab25d6..504d3d9f07 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -508,7 +508,6 @@ static void sv_usage(void) BIO_printf(bio_err," -srpvfile file - The verifier file for SRP\n"); BIO_printf(bio_err," -srpuserseed string - A seed string for a default user salt.\n"); #endif - BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n"); #ifndef OPENSSL_NO_SSL3_METHOD BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n"); #endif @@ -520,7 +519,6 @@ static void sv_usage(void) BIO_printf(bio_err," -timeout - Enable timeouts\n"); BIO_printf(bio_err," -mtu - Set link layer MTU\n"); BIO_printf(bio_err," -chain - Read a certificate chain\n"); - BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n"); BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n"); BIO_printf(bio_err," -no_tls1 - Just disable TLSv1\n"); BIO_printf(bio_err," -no_tls1_1 - Just disable TLSv1.1\n"); 
@@ -1406,13 +1404,6 @@ int MAIN(int argc, char *argv[]) { www=2; } else if (strcmp(*argv,"-HTTP") == 0) { www=3; } -#ifndef OPENSSL_NO_SSL2 - else if (strcmp(*argv,"-ssl2") == 0) - { - no_ecdhe=1; - meth=SSLv2_server_method(); - } -#endif #ifndef OPENSSL_NO_SSL3_METHOD else if (strcmp(*argv,"-ssl3") == 0) { meth=SSLv3_server_method(); } @@ -1768,9 +1759,6 @@ bad: if(strlen(session_id_prefix) >= 32) BIO_printf(bio_err, "warning: id_prefix is too long, only one new session will be possible\n"); - else if(strlen(session_id_prefix) >= 16) - BIO_printf(bio_err, -"warning: id_prefix is too long if you use SSLv2\n"); if(!SSL_CTX_set_generate_session_id(ctx, generate_session_id)) { BIO_printf(bio_err,"error setting 'id_prefix'\n"); @@ -1855,9 +1843,6 @@ bad: if(strlen(session_id_prefix) >= 32) BIO_printf(bio_err, "warning: id_prefix is too long, only one new session will be possible\n"); - else if(strlen(session_id_prefix) >= 16) - BIO_printf(bio_err, - "warning: id_prefix is too long if you use SSLv2\n"); if(!SSL_CTX_set_generate_session_id(ctx2, generate_session_id)) { BIO_printf(bio_err,"error setting 'id_prefix'\n"); diff --git a/apps/s_time.c b/apps/s_time.c index 81dad53243..6542be2827 100644 --- a/apps/s_time.c +++ b/apps/s_time.c @@ -186,7 +186,6 @@ static void s_time_usage(void) printf("-connect host:port - host:port to connect to (default is %s)\n",SSL_CONNECT_NAME); #ifdef FIONBIO printf("-nbio - Run with non-blocking IO\n"); - printf("-ssl2 - Just use SSLv2\n"); printf("-ssl3 - Just use SSLv3\n"); printf("-bugs - Turn on SSL bug compatibility\n"); printf("-new - Just time new connections\n"); @@ -282,10 +281,6 @@ static int parseArgs(int argc, char **argv) } else if(strcmp(*argv,"-bugs") == 0) st_bugs=1; -#ifndef OPENSSL_NO_SSL2 - else if(strcmp(*argv,"-ssl2") == 0) - s_time_meth=SSLv2_client_method(); -#endif #ifndef OPENSSL_NO_SSL3 else if(strcmp(*argv,"-ssl3") == 0) s_time_meth=SSLv3_client_method(); 
@@ -430,8 +425,6 @@ int MAIN(int argc, char **argv) ver='t'; else if (ver == SSL3_VERSION) ver='3'; - else if (ver == SSL2_VERSION) - ver='2'; else ver='*'; } @@ -523,8 +516,6 @@ next: ver='t'; else if (ver == SSL3_VERSION) ver='3'; - else if (ver == SSL2_VERSION) - ver='2'; else ver='*'; } diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec index 547796baa7..33005ccee3 100644 --- a/crypto/err/openssl.ec +++ b/crypto/err/openssl.ec @@ -51,7 +51,6 @@ F RSAREF_F_RSA_PRIVATE_DECRYPT F RSAREF_F_RSA_PRIVATE_ENCRYPT F RSAREF_F_RSA_PUBLIC_DECRYPT F RSAREF_F_RSA_PUBLIC_ENCRYPT -#F SSL_F_CLIENT_CERTIFICATE R SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 R SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 diff --git a/crypto/evp/c_alld.c b/crypto/evp/c_alld.c index 311e1fe2f8..99f9cd568f 100644 --- a/crypto/evp/c_alld.c +++ b/crypto/evp/c_alld.c @@ -69,7 +69,6 @@ void OpenSSL_add_all_digests(void) #endif #ifndef OPENSSL_NO_MD5 EVP_add_digest(EVP_md5()); - EVP_add_digest_alias(SN_md5,"ssl2-md5"); EVP_add_digest_alias(SN_md5,"ssl3-md5"); #endif #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA0) diff --git a/crypto/threads/mttest.c b/crypto/threads/mttest.c index eba7aa8a6e..da2707ef7a 100644 --- a/crypto/threads/mttest.c +++ b/crypto/threads/mttest.c @@ -217,8 +217,6 @@ int main(int argc, char *argv[]) cache_stats=1; else if (strcmp(*argv,"-ssl3") == 0) ssl_method=SSLv3_method(); - else if (strcmp(*argv,"-ssl2") == 0) - ssl_method=SSLv2_method(); else if (strcmp(*argv,"-CApath") == 0) { if (--argc < 1) goto bad; diff --git a/demos/ssl/cli.cpp b/demos/ssl/cli.cpp index 5b4406d16f..a5bee1c7b9 100644 --- a/demos/ssl/cli.cpp +++ b/demos/ssl/cli.cpp @@ -38,7 +38,7 @@ void main () SSL_METHOD *meth; SSLeay_add_ssl_algorithms(); - meth = SSLv2_client_method(); + meth = SSLv23_client_method(); SSL_load_error_strings(); ctx = SSL_CTX_new (meth); CHK_NULL(ctx); diff --git a/doc/apps/ciphers.pod b/doc/apps/ciphers.pod index 6bdc07746e..5f8dac4e19 100644 --- a/doc/apps/ciphers.pod 
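Review bot: In demos/ssl/cli.cpp the client now uses `SSLv23_client_method()`, but nothing in the hunk restricts which versions it may negotiate, so the demo can still end up on SSLv3. The SSL_CTX_new.pod text in this same commit says the SSLv23 methods cover SSLv3 and permit a fallback to it. Because demo code tends to be copied into applications, I would add `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);` directly after `CHK_NULL(ctx);`, with a one-line comment saying the version-flexible method is used and legacy SSLv3 is switched off explicitly. Separately, the context line `SSL_METHOD *meth;` probably needs to be `const SSL_METHOD *meth;` if the method constructors return a const pointer in this tree; that is not visible here, so please confirm. The body of main() continues outside the hunk.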
+++ b/doc/apps/ciphers.pod @@ -10,7 +10,6 @@ B B [B<-s>] [B<-v>] [B<-V>] -[B<-ssl2>] [B<-ssl3>] [B<-tls1>] [B<-stdname>] @@ -35,12 +34,9 @@ not used then ciphers excluded by the security level will still be listed. =item B<-v> Verbose option. List ciphers with a complete description of -protocol version (SSLv2 or SSLv3; the latter includes TLS), key exchange, +protocol version, key exchange, authentication, encryption and mac algorithms used along with any key size restrictions and whether the algorithm is classed as an "export" cipher. -Note that without the B<-v> option, ciphers may seem to appear twice -in a cipher list; this is when similar ciphers are available for -SSL v2 and for SSL v3/TLS v1. =item B<-V> @@ -50,10 +46,6 @@ Like B<-v>, but include cipher suite codes in output (hex format). only include SSL v3 ciphers. -=item B<-ssl2> - -only include SSL v2 ciphers. - =item B<-tls1> only include TLS v1 ciphers. @@ -259,9 +251,9 @@ keys. ciphers suites using FORTEZZA key exchange, authentication, encryption or all FORTEZZA algorithms. Not implemented. -=item B, B, B, B +=item B, B, B -TLS v1.2, TLS v1.0, SSL v3.0 or SSL v2.0 cipher suites respectively. Note: +TLS v1.2, TLS v1.0 or SSL v3.0 cipher suites respectively. Note: there are no ciphersuites specific to TLS v1.1. =item B, B, B @@ -605,17 +597,6 @@ Note: these ciphers can also be used in SSL v3. TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA -=head2 Deprecated SSL v2.0 cipher suites. - - SSL_CK_RC4_128_WITH_MD5 RC4-MD5 - SSL_CK_RC4_128_EXPORT40_WITH_MD5 EXP-RC4-MD5 - SSL_CK_RC2_128_CBC_WITH_MD5 RC2-MD5 - SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5 EXP-RC2-MD5 - SSL_CK_IDEA_128_CBC_WITH_MD5 IDEA-CBC-MD5 - SSL_CK_DES_64_CBC_WITH_MD5 DES-CBC-MD5 - SSL_CK_DES_192_EDE3_CBC_WITH_MD5 DES-CBC3-MD5 - - =head1 NOTES Some compiled versions of OpenSSL may not include all the ciphers 
diff --git a/doc/apps/s_client.pod b/doc/apps/s_client.pod index 2057dc86e0..17308b4801 100644 --- a/doc/apps/s_client.pod +++ b/doc/apps/s_client.pod @@ -58,10 +58,8 @@ B B [B<-ign_eof>] [B<-no_ign_eof>] [B<-quiet>] -[B<-ssl2>] [B<-ssl3>] [B<-tls1>] -[B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] [B<-no_tls1_1>] @@ -248,11 +246,11 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. +servers and permit them to use SSL v3 or TLS as appropriate. Unfortunately there are still ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only @@ -279,10 +277,6 @@ the server determines which cipher suite is used it should take the first supported cipher in the list sent by the client. See the B command for more information. -=item B<-serverpref> - -use the server's cipher preferences; only used for SSLV2. - =item B<-starttls protocol> send the protocol-specific message(s) to switch to TLS for communication. 
@@ -373,8 +367,8 @@ would typically be used (https uses port 443). If the connection succeeds then an HTTP command can be given such as "GET /" to retrieve a web page. If the handshake fails then there are several possible causes, if it is -nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, -B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> options can be tried +nothing obvious like no client certificate then the B<-bugs>, +B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. @@ -396,10 +390,6 @@ on the command line is no guarantee that the certificate works. If there are problems verifying a server certificate then the B<-showcerts> option can be used to show the whole chain. -Since the SSLv23 client hello cannot include compression methods or extensions -these will only be supported if its use is disabled, for example by using the -B<-no_sslv2> option. - The B utility is a test tool and is designed to continue the handshake after any certificate verification errors. As a result it will accept any certificate chain (trusted or not) sent by the peer. None test diff --git a/doc/apps/s_server.pod b/doc/apps/s_server.pod index 3085944e4b..1cc965f3e9 100644 --- a/doc/apps/s_server.pod +++ b/doc/apps/s_server.pod @@ -64,10 +64,8 @@ B B [B<-serverpref>] [B<-quiet>] [B<-no_tmp_rsa>] -[B<-ssl2>] [B<-ssl3>] [B<-tls1>] -[B<-no_ssl2>] [B<-no_ssl3>] [B<-no_tls1>] [B<-no_dhe>] 
@@ -279,11 +277,11 @@ Use the PSK key B when using a PSK cipher suite. The key is given as a hexadecimal number without leading 0x, for example -psk 1a2b3c4d. -=item B<-ssl2>, B<-ssl3>, B<-tls1>, B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1> +=item B<-ssl3>, B<-tls1>, B<-no_ssl3>, B<-no_tls1> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. +servers and permit them to use SSL v3 or TLS as appropriate. =item B<-bugs> diff --git a/doc/apps/s_time.pod b/doc/apps/s_time.pod index 5a38aa2e03..b8dad09a03 100644 --- a/doc/apps/s_time.pod +++ b/doc/apps/s_time.pod @@ -19,7 +19,6 @@ B B [B<-verify depth>] [B<-nbio>] [B<-time seconds>] -[B<-ssl2>] [B<-ssl3>] [B<-bugs>] [B<-cipher cipherlist>] @@ -92,18 +91,17 @@ specified, they are both on by default and executed in sequence. turns on non-blocking I/O. -=item B<-ssl2>, B<-ssl3> +=item B<-ssl3> these options disable the use of certain SSL or TLS protocols. By default the initial handshake uses a method which should be compatible with all -servers and permit them to use SSL v3, SSL v2 or TLS as appropriate. +servers and permit them to use SSL v3 or TLS as appropriate. The timing program is not as rich in options to turn protocols on and off as the L program and may not connect to all servers. Unfortunately there are a lot of ancient and broken servers in use which cannot handle this technique and will fail to connect. Some servers only -work if TLS is turned off with the B<-ssl3> option; others -will only support SSL v2 and may need the B<-ssl2> option. +work if TLS is turned off with the B<-ssl3> option. =item B<-bugs> 
@@ -137,7 +135,7 @@ which both client and server can agree, see the L command for details. If the handshake fails then there are several possible causes, if it is -nothing obvious like no client certificate then the B<-bugs>, B<-ssl2>, +nothing obvious like no client certificate then the B<-bugs> and B<-ssl3> options can be tried in case it is a buggy server. In particular you should play with these options B submitting a bug report to an OpenSSL mailing list. diff --git a/doc/apps/sess_id.pod b/doc/apps/sess_id.pod index fb5ce12962..a8b0ef09eb 100644 --- a/doc/apps/sess_id.pod +++ b/doc/apps/sess_id.pod @@ -92,7 +92,7 @@ Theses are described below in more detail. =item B -this is the protocol in use TLSv1, SSLv3 or SSLv2. +this is the protocol in use TLSv1.2, TLSv1.1, TLSv1 or SSLv3. =item B @@ -111,10 +111,6 @@ the session ID context in hex format. this is the SSL session master key. -=item B - -the key argument, this is only used in SSL v2. - =item B this is the session start time represented as an integer in standard Unix format. diff --git a/doc/ssl/SSL_CIPHER_get_name.pod b/doc/ssl/SSL_CIPHER_get_name.pod index 2048bfb8a1..ec7011efe9 100644 --- a/doc/ssl/SSL_CIPHER_get_name.pod +++ b/doc/ssl/SSL_CIPHER_get_name.pod @@ -25,7 +25,7 @@ chosen algorithm. If B is NULL, 0 is returned. SSL_CIPHER_get_version() returns string which indicates the SSL/TLS protocol version that first defined the cipher. -This is currently B or B. +This is currently B. In some cases it should possibly return "TLSv1.2" but does not; use SSL_CIPHER_description() instead. If B is NULL, "(NONE)" is returned. @@ -56,7 +56,7 @@ Textual representation of the cipher name. =item -Protocol version: B, B, B. The TLSv1.0 ciphers are +Protocol version: B, B. The TLSv1.0 ciphers are flagged with SSLv3. No new ciphers were added by TLSv1.1. =item Kx= diff --git a/doc/ssl/SSL_CONF_cmd.pod b/doc/ssl/SSL_CONF_cmd.pod index f96d8d941d..90a20d6c49 100644 --- a/doc/ssl/SSL_CONF_cmd.pod 
+++ b/doc/ssl/SSL_CONF_cmd.pod @@ -109,10 +109,10 @@ Attempts to use the file B as the set of temporary DH parameters for the appropriate context. This option is only supported if certificate operations are permitted. -=item B<-no_ssl2>, B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> +=item B<-no_ssl3>, B<-no_tls1>, B<-no_tls1_1>, B<-no_tls1_2> -Disables protocol support for SSLv2, SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 -by setting the corresponding options B, B, +Disables protocol support for SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2 +by setting the corresponding options B, B, B and B respectively. =item B<-bugs> @@ -259,7 +259,7 @@ The supported versions of the SSL or TLS protocol. The B argument is a comma separated list of supported protocols to enable or disable. If an protocol is preceded by B<-> that version is disabled. All versions are enabled by default, though applications may choose to -explicitly disable some. Currently supported protocol values are B, +explicitly disable some. Currently supported protocol values are B, B, B and B. The special value B refers to all supported versions. @@ -435,4 +435,7 @@ L SSL_CONF_cmd() was first added to OpenSSL 1.0.2 +B doesn't have effect anymore since 1.1.0 but the define is kept +for backward compatibility. + =cut diff --git a/doc/ssl/SSL_CTX_new.pod b/doc/ssl/SSL_CTX_new.pod index 7593cf60cf..0da3f7be8e 100644 --- a/doc/ssl/SSL_CTX_new.pod +++ b/doc/ssl/SSL_CTX_new.pod 
@@ -2,7 +2,7 @@ =head1 NAME -SSL_CTX_new, SSLv2_method, SSLv2_server_method, SSLv2_client_method, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions +SSL_CTX_new, SSLv3_method, SSLv3_server_method, SSLv3_client_method, TLSv1_method, TLSv1_server_method, TLSv1_client_method, TLSv1_1_method, TLSv1_1_server_method, TLSv1_1_client_method, SSLv23_method, SSLv23_server_method, SSLv23_client_method - create a new SSL_CTX object as framework for TLS/SSL enabled functions =head1 SYNOPSIS @@ -23,14 +23,6 @@ client only type. B can be of the following types: =over 4 -=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void) - -A TLS/SSL connection established with these methods will only understand -the SSLv2 protocol. A client will send out SSLv2 client hello messages -and will also indicate that it only understand SSLv2. A server will only -understand SSLv2 client hello messages. The SSLv2 protocol is deprecated -and very broken: its use is B discouraged. - =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void) A TLS/SSL connection established with these methods will only understand the 
@@ -62,33 +54,25 @@ SSLv3 client hello messages. =item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void) -A TLS/SSL connection established with these methods may understand the SSLv2, +A TLS/SSL connection established with these methods may understand the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. -If the cipher list does not contain any SSLv2 ciphersuites (the default -cipher list does not) or extensions are required (for example server name) +If extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3. A server will support SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern. -If any SSLv2 ciphersuites are included in the cipher list and no extensions -are required then SSLv2 compatible client hellos will be used by clients and -SSLv2 will be accepted by servers. This is B recommended due to the -insecurity of SSLv2 and the limited nature of the SSLv2 client hello -prohibiting the use of extensions. - =back -The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, +The list of protocols available can later be limited using the SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 options of the SSL_CTX_set_options() or SSL_set_options() functions. Using these options it is possible to choose e.g. SSLv23_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like TLSv1, TLSv1.1 or TLS v1.2. -Applications which never want to support SSLv2 (even is the cipher string -is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2. +Applications which never want to support SSLv3 can set SSL_OP_NO_SSLv3. SSL_CTX_new() initializes the list of ciphers, the session cache setting, the callbacks, the keys and certificates and the options to its default 
@@ -111,6 +95,11 @@ The return value points to an allocated SSL_CTX object. =back +=head1 HISTORY + +SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in +OpenSSL 1.1.0. + =head1 SEE ALSO L, L, diff --git a/doc/ssl/SSL_CTX_set_cipher_list.pod b/doc/ssl/SSL_CTX_set_cipher_list.pod index 8b41917334..c2c349f65e 100644 --- a/doc/ssl/SSL_CTX_set_cipher_list.pod +++ b/doc/ssl/SSL_CTX_set_cipher_list.pod @@ -54,10 +54,6 @@ of 512 bits and the server is not configured to use temporary RSA keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated and the handshake will fail. -If the cipher list does not contain any SSLv2 cipher suites (this is the -default) then SSLv2 is effectively disabled and neither clients nor servers -will attempt to use SSLv2. - =head1 RETURN VALUES SSL_CTX_set_cipher_list() and SSL_set_cipher_list() return 1 if any cipher diff --git a/doc/ssl/SSL_CTX_set_generate_session_id.pod b/doc/ssl/SSL_CTX_set_generate_session_id.pod index 798e8443a7..cd72572b27 100644 --- a/doc/ssl/SSL_CTX_set_generate_session_id.pod +++ b/doc/ssl/SSL_CTX_set_generate_session_id.pod @@ -32,9 +32,8 @@ of the parent context of B. When a new session is established between client and server, the server generates a session id. The session id is an arbitrary sequence of bytes. -The length of the session id is 16 bytes for SSLv2 sessions and between -1 and 32 bytes for SSLv3/TLSv1. The session id is not security critical -but must be unique for the server. Additionally, the session id is +The length of the session id is between 1 and 32 bytes. The session id is not +security critical but must be unique for the server. Additionally, the session id is transmitted in the clear when reusing the session so it must not contain sensitive information. 
@@ -51,21 +50,14 @@ The callback is only allowed to generate a shorter id and reduce B; the callback B increase B or write to the location B exceeding the given limit. -If a SSLv2 session id is generated and B is reduced, it will be -restored after the callback has finished and the session id will be padded -with 0x00. It is not recommended to change the B for SSLv2 sessions. -The callback can use the L function -to check, whether the session is of type SSLv2. - The location B is filled with 0x00 before the callback is called, so the callback may only fill part of the possible length and leave B untouched while maintaining reproducibility. Since the sessions must be distinguished, session ids must be unique. Without the callback a random number is used, so that the probability -of generating the same session id is extremely small (2^128 possible ids -for an SSLv2 session, 2^256 for SSLv3/TLSv1). In order to assure the -uniqueness of the generated session id, the callback must call +of generating the same session id is extremely small (2^256 for SSLv3/TLSv1). +In order to assure the uniqueness of the generated session id, the callback must call SSL_has_matching_session_id() and generate another id if a conflict occurs. If an id conflict is not resolved, the handshake will fail. If the application codes e.g. a unique host id, a unique process number, and @@ -85,10 +77,6 @@ Collisions can also occur when using an external session cache, since the external cache is not tested with SSL_has_matching_session_id() and the same race condition applies. -When calling SSL_has_matching_session_id() for an SSLv2 session with -reduced B, the match operation will be performed using the -fixed length required and with a 0x00 padded id. - The callback must return 0 if it cannot generate a session id for whatever reason and return 1 on success. 
@@ -104,12 +92,6 @@ server id given, and will fill the rest with pseudo random bytes: unsigned int *id_len) { unsigned int count = 0; - const char *version; - - version = SSL_get_version(ssl); - if (!strcmp(version, "SSLv2")) - /* we must not change id_len */; - do { RAND_pseudo_bytes(id, *id_len); /* Prefix the session_id with the required prefix. NB: If our diff --git a/doc/ssl/SSL_CTX_set_options.pod b/doc/ssl/SSL_CTX_set_options.pod index 65062ad68c..1594fb6eec 100644 --- a/doc/ssl/SSL_CTX_set_options.pod +++ b/doc/ssl/SSL_CTX_set_options.pod @@ -63,18 +63,11 @@ The following B options are available: =item SSL_OP_MICROSOFT_SESS_ID_BUG -www.microsoft.com - when talking SSLv2, if session-id reuse is -performed, the session-id passed back in the server-finished message -is different from the one decided upon. +As of OpenSSL 1.0.0 this option has no effect. =item SSL_OP_NETSCAPE_CHALLENGE_BUG -Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte -challenge but then appears to only use 16 bytes when generating the -encryption keys. Using 16 bytes is ok but it should be ok to use 32. -According to the SSLv3 spec, one should use 32 bytes for the challenge -when operating in SSLv2/v3 compatibility mode, but as mentioned above, -this breaks this server so 16 bytes is the way to go. +As of OpenSSL 1.0.0 this option has no effect. =item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG diff --git a/doc/ssl/SSL_get_default_timeout.pod b/doc/ssl/SSL_get_default_timeout.pod index a648a9b82d..3a067fe892 100644 --- a/doc/ssl/SSL_get_default_timeout.pod +++ b/doc/ssl/SSL_get_default_timeout.pod @@ -24,7 +24,7 @@ L, the hardcoded default timeout for the protocol will be used. SSL_get_default_timeout() return this hardcoded value, which is 300 seconds -for all currently supported protocols (SSLv2, SSLv3, and TLSv1). +for all currently supported protocols. =head1 RETURN VALUES diff --git a/doc/ssl/SSL_get_version.pod b/doc/ssl/SSL_get_version.pod index 9ae6f25508..b91bb47f78 100644 
--- a/doc/ssl/SSL_get_version.pod +++ b/doc/ssl/SSL_get_version.pod @@ -21,10 +21,6 @@ The following strings can be returned: =over 4 -=item SSLv2 - -The connection uses the SSLv2 protocol. - =item SSLv3 The connection uses the SSLv3 protocol. diff --git a/doc/ssl/SSL_new.pod b/doc/ssl/SSL_new.pod index 25300e978f..f0774a57ae 100644 --- a/doc/ssl/SSL_new.pod +++ b/doc/ssl/SSL_new.pod @@ -14,7 +14,7 @@ SSL_new - create a new SSL structure for a connection SSL_new() creates a new B structure which is needed to hold the data for a TLS/SSL connection. The new structure inherits the settings -of the underlying context B: connection method (SSLv2/v3/TLSv1), +of the underlying context B: connection method, options, verification settings, timeout settings. =head1 RETURN VALUES diff --git a/doc/ssl/SSL_shutdown.pod b/doc/ssl/SSL_shutdown.pod index efbff5a0a3..b2bf9cb1b8 100644 --- a/doc/ssl/SSL_shutdown.pod +++ b/doc/ssl/SSL_shutdown.pod @@ -60,9 +60,7 @@ SSL_get_shutdown() (see also L call. It is therefore recommended, to check the return value of SSL_shutdown() and call SSL_shutdown() again, if the bidirectional shutdown is not yet -complete (return value of the first call is 0). As the shutdown is not -specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on -the first call. +complete (return value of the first call is 0). The behaviour of SSL_shutdown() additionally depends on the underlying BIO. diff --git a/doc/ssl/ssl.pod b/doc/ssl/ssl.pod index 8d5b8c380e..ceb9766245 100644 --- a/doc/ssl/ssl.pod +++ b/doc/ssl/ssl.pod @@ -45,8 +45,8 @@ structures: =item B (SSL Method) That's a dispatch structure describing the internal B library -methods/functions which implement the various protocol versions (SSLv1, SSLv2 -and TLSv1). It's needed to create an B. +methods/functions which implement the various protocol versions (SSLv3 +TLSv1, ...). It's needed to create an B. =item B (SSL Cipher) 
@@ -105,8 +105,8 @@ it's already included by ssl.h>. =item B -That's the sub header file dealing with the combined use of the SSLv2 and -SSLv3 protocols. +That's the sub header file dealing with the combined use of different +protocol version. I. @@ -130,18 +130,6 @@ protocol methods defined in B structures. =over 4 -=item const SSL_METHOD *B(void); - -Constructor for the SSLv2 SSL_METHOD structure for a dedicated client. - -=item const SSL_METHOD *B(void); - -Constructor for the SSLv2 SSL_METHOD structure for a dedicated server. - -=item const SSL_METHOD *B(void); - -Constructor for the SSLv2 SSL_METHOD structure for combined client and server. - =item const SSL_METHOD *B(void); Constructor for the SSLv3 SSL_METHOD structure for a dedicated client. @@ -189,7 +177,7 @@ I) and the bits which are actually used (the return value). =item const char *B(SSL_CIPHER *cipher); Return the internal name of I as a string. These are the various -strings defined by the I, I and I +strings defined by the I and I definitions in the header files. =item char *B(SSL_CIPHER *cipher); @@ -758,5 +746,8 @@ L The L document appeared in OpenSSL 0.9.2 +B, B and B where removed +in OpenSSL 1.1.0. + =cut diff --git a/makevms.com b/makevms.com index d5a25264b1..37e1e3ce18 100755 --- a/makevms.com +++ b/makevms.com @@ -300,7 +300,6 @@ $ CONFIG_LOGICALS := AES,- SHA512,- SOCK,- SRP,- - SSL2,- SSL_INTERN,- STACK,- STATIC_ENGINE,- @@ -330,10 +329,8 @@ $! algos part. $ CONFIG_DISABLE_RULES := RIJNDAEL/AES;- DES/MDC2;- EC/ECDSA,ECDH;- - MD5/SSL2,SSL3,TLS1;- + MD5/SSL3,TLS1;- SHA/SSL3,TLS1;- - RSA/SSL2;- - RSA,DSA/SSL2;- DH/SSL3,TLS1;- TLS1/TLSEXT;- EC/GOST;- diff --git a/ms/test.bat b/ms/test.bat index f490546ebb..d0b60600e2 100755 --- a/ms/test.bat +++ b/ms/test.bat 
@@ -77,22 +77,6 @@ if errorlevel 1 goto done set SSL_TEST=ssltest -key keyU.ss -cert certU.ss -c_key keyU.ss -c_cert certU.ss -CAfile certCA.ss -echo test sslv2 -ssltest -ssl2 -if errorlevel 1 goto done - -echo test sslv2 with server authentication -%SSL_TEST% -ssl2 -server_auth -if errorlevel 1 goto done - -echo test sslv2 with client authentication -%SSL_TEST% -ssl2 -client_auth -if errorlevel 1 goto done - -echo test sslv2 with both client and server authentication -%SSL_TEST% -ssl2 -server_auth -client_auth -if errorlevel 1 goto done - echo test sslv3 ssltest -ssl3 if errorlevel 1 goto done @@ -125,26 +109,10 @@ echo test sslv2/sslv3 with both client and server authentication %SSL_TEST% -server_auth -client_auth if errorlevel 1 goto done -echo test sslv2 via BIO pair -ssltest -bio_pair -ssl2 -if errorlevel 1 goto done - echo test sslv2/sslv3 with 1024 bit DHE via BIO pair ssltest -bio_pair -dhe1024dsa -v if errorlevel 1 goto done -echo test sslv2 with server authentication via BIO pair -%SSL_TEST% -bio_pair -ssl2 -server_auth -if errorlevel 1 goto done - -echo test sslv2 with client authentication via BIO pair -%SSL_TEST% -bio_pair -ssl2 -client_auth -if errorlevel 1 goto done - -echo test sslv2 with both client and server authentication via BIO pair -%SSL_TEST% -bio_pair -ssl2 -server_auth -client_auth -if errorlevel 1 goto done - echo test sslv3 via BIO pair ssltest -bio_pair -ssl3 if errorlevel 1 goto done diff --git a/ms/testce.bat b/ms/testce.bat index 2ab010be6a..8de94a43b2 100644 --- a/ms/testce.bat +++ b/ms/testce.bat 
@@ -123,22 +123,6 @@ cecopy ssltest.exe CE:\OpenSSL cecopy ..\apps\server.pem CE:\OpenSSL cecopy ..\apps\client.pem CE:\OpenSSL -echo test sslv2 -cerun CE:\OpenSSL\ssltest -ssl2 -if errorlevel 1 goto done - -echo test sslv2 with server authentication -cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp -if errorlevel 1 goto done - -echo test sslv2 with client authentication -cerun CE:\OpenSSL\ssltest -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp -if errorlevel 1 goto done - -echo test sslv2 with both client and server authentication -cerun CE:\OpenSSL\ssltest -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp -if errorlevel 1 goto done - echo test sslv3 cerun CE:\OpenSSL\ssltest -ssl3 if errorlevel 1 goto done @@ -171,26 +155,10 @@ echo test sslv2/sslv3 with both client and server authentication cerun CE:\OpenSSL\ssltest -server_auth -client_auth -CAfile \OpenSSL\cert.tmp if errorlevel 1 goto done -echo test sslv2 via BIO pair -cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -if errorlevel 1 goto done - echo test sslv2/sslv3 with 1024 bit DHE via BIO pair cerun CE:\OpenSSL\ssltest -bio_pair -dhe1024dsa -v if errorlevel 1 goto done -echo test sslv2 with server authentication via BIO pair -cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -CAfile \OpenSSL\cert.tmp -if errorlevel 1 goto done - -echo test sslv2 with client authentication via BIO pair -cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -client_auth -CAfile \OpenSSL\cert.tmp -if errorlevel 1 goto done - -echo test sslv2 with both client and server authentication via BIO pair -cerun CE:\OpenSSL\ssltest -bio_pair -ssl2 -server_auth -client_auth -CAfile \OpenSSL\cert.tmp -if errorlevel 1 goto done - echo test sslv3 via BIO pair cerun CE:\OpenSSL\ssltest -bio_pair -ssl3 if errorlevel 1 goto done diff --git a/ssl/Makefile b/ssl/Makefile index 739e1ea793..ebbdedc7f4 100644 --- a/ssl/Makefile +++ b/ssl/Makefile 
@@ -21,7 +21,6 @@ APPS=
 LIB=$(TOP)/libssl.a
 SHARED_LIB= libssl$(SHLIB_EXT)
 LIBSRC= \
- s2_meth.c s2_srvr.c s2_clnt.c s2_lib.c s2_enc.c s2_pkt.c \
 s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c s3_both.c s3_cbc.c \
 s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c \
 t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_ext.c \
@@ -32,7 +31,6 @@ LIBSRC= \
 ssl_asn1.c ssl_txt.c ssl_algs.c ssl_conf.c \
 bio_ssl.c ssl_err.c kssl.c t1_reneg.c tls_srp.c t1_trce.c ssl_utst.c
 LIBOBJ= \
- s2_meth.o s2_srvr.o s2_clnt.o s2_lib.o s2_enc.o s2_pkt.o \
 s3_meth.o s3_srvr.o s3_clnt.o s3_lib.o s3_enc.o s3_pkt.o s3_both.o s3_cbc.o \
 s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o s23_pkt.o \
 t1_meth.o t1_srvr.o t1_clnt.o t1_lib.o t1_enc.o t1_ext.o \
@@ -386,126 +384,6 @@ s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
 s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
 s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
 s23_srvr.o: ../include/openssl/x509_vfy.h s23_srvr.c ssl_locl.h
-s2_clnt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_clnt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_clnt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_clnt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_clnt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_clnt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_clnt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_clnt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_clnt.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s2_clnt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_clnt.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_clnt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_clnt.o: ../include/openssl/x509_vfy.h s2_clnt.c ssl_locl.h
-s2_enc.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_enc.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_enc.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_enc.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_enc.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_enc.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_enc.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_enc.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_enc.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_enc.c
-s2_enc.o: ssl_locl.h
-s2_lib.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_lib.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_lib.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_lib.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_lib.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_lib.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_lib.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_lib.o: ../include/openssl/md5.h ../include/openssl/obj_mac.h
-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/ossl_typ.h
-s2_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
-s2_lib.o: ../include/openssl/pkcs7.h ../include/openssl/pqueue.h
-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_lib.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
-s2_lib.o: ../include/openssl/x509_vfy.h s2_lib.c ssl_locl.h
-s2_meth.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_meth.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_meth.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_meth.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_meth.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_meth.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_meth.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_meth.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_meth.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_meth.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_meth.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_meth.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_meth.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_meth.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_meth.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_meth.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_meth.c
-s2_meth.o: ssl_locl.h
-s2_pkt.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_pkt.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_pkt.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_pkt.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_pkt.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_pkt.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_pkt.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_pkt.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_pkt.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_pkt.o: ../include/openssl/pqueue.h ../include/openssl/rsa.h
-s2_pkt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
-s2_pkt.o: ../include/openssl/srtp.h ../include/openssl/ssl.h
-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
-s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
-s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h s2_pkt.c
-s2_pkt.o: ssl_locl.h
-s2_srvr.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/comp.h
-s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/dsa.h
-s2_srvr.o: ../include/openssl/dtls1.h ../include/openssl/e_os2.h
-s2_srvr.o: ../include/openssl/ec.h ../include/openssl/ecdh.h
-s2_srvr.o: ../include/openssl/ecdsa.h ../include/openssl/err.h
-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/hmac.h
-s2_srvr.o: ../include/openssl/kssl.h ../include/openssl/lhash.h
-s2_srvr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
-s2_srvr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
-s2_srvr.o: ../include/openssl/ossl_typ.h ../include/openssl/pem.h
-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
-s2_srvr.o: ../include/openssl/pqueue.h ../include/openssl/rand.h
-s2_srvr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
-s2_srvr.o: ../include/openssl/sha.h ../include/openssl/srtp.h
-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
-s2_srvr.o:
../include/openssl/tls1.h ../include/openssl/x509.h -s2_srvr.o: ../include/openssl/x509_vfy.h s2_srvr.c ssl_locl.h s3_both.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h s3_both.o: ../include/openssl/buffer.h ../include/openssl/comp.h s3_both.o: ../include/openssl/crypto.h ../include/openssl/dsa.h diff --git a/ssl/s23_clnt.c b/ssl/s23_clnt.c index 42c3d6861f..37b3e23784 100644 --- a/ssl/s23_clnt.c +++ b/ssl/s23_clnt.c @@ -121,10 +121,6 @@ static int ssl23_client_hello(SSL *s); static int ssl23_get_server_hello(SSL *s); static const SSL_METHOD *ssl23_get_client_method(int ver) { -#ifndef OPENSSL_NO_SSL2 - if (ver == SSL2_VERSION) - return(SSLv2_client_method()); -#endif #ifndef OPENSSL_NO_SSL3 if (ver == SSL3_VERSION) return(SSLv3_client_method()); @@ -256,24 +252,6 @@ end: return(ret); } -static int ssl23_no_ssl2_ciphers(SSL *s) - { - SSL_CIPHER *cipher; - STACK_OF(SSL_CIPHER) *ciphers; - int i; - ssl_set_client_disabled(s); - ciphers = SSL_get_ciphers(s); - for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) - { - cipher = sk_SSL_CIPHER_value(ciphers, i); - if (ssl_cipher_disabled(s, cipher, SSL_SECOP_CIPHER_SUPPORTED)) - continue; - if (cipher->algorithm_ssl == SSL_SSLV2) - return 0; - } - return 1; - } - /* Fill a ClientRandom or ServerRandom field of length len. Returns <= 0 * on failure, 1 on success. */ int ssl_fill_hello_random(SSL *s, int server, unsigned char *result, int len) @@ -300,9 +278,8 @@ static int ssl23_client_hello(SSL *s) { unsigned char *buf; unsigned char *p,*d; - int i,ch_len; + int i; unsigned long l; - int ssl2_compat; int version = 0, version_major, version_minor; int al = 0; #ifndef OPENSSL_NO_COMP 
@@ -312,13 +289,6 @@ static int ssl23_client_hello(SSL *s) int ret; unsigned long mask, options = s->options; - ssl2_compat = (options & SSL_OP_NO_SSLv2) ? 0 : 1; - - if (ssl2_compat && !ssl_security(s, SSL_SECOP_SSL2_COMPAT, 0, 0, NULL)) - ssl2_compat = 0; - if (ssl2_compat && ssl23_no_ssl2_ciphers(s)) - ssl2_compat = 0; - /* * SSL_OP_NO_X disables all protocols above X *if* there are * some protocols below X enabled. This is required in order @@ -330,9 +300,6 @@ static int ssl23_client_hello(SSL *s) mask = SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1 #if !defined(OPENSSL_NO_SSL3) |SSL_OP_NO_SSLv3 -#endif -#if !defined(OPENSSL_NO_SSL2) - |(ssl2_compat?SSL_OP_NO_SSLv2:0) #endif ; #if !defined(OPENSSL_NO_TLS1_2_CLIENT) @@ -352,28 +319,6 @@ static int ssl23_client_hello(SSL *s) version = SSL3_VERSION; mask &= ~SSL_OP_NO_SSLv3; #endif -#if !defined(OPENSSL_NO_SSL2) - if ((options & SSL_OP_NO_SSLv3) && (options & mask) != mask) - version = SSL2_VERSION; -#endif - -#ifndef OPENSSL_NO_TLSEXT - if (version != SSL2_VERSION) - { - /* have to disable SSL 2.0 compatibility if we need TLS extensions */ - - if (s->tlsext_hostname != NULL) - ssl2_compat = 0; - if (s->tlsext_status_type != -1) - ssl2_compat = 0; -#ifdef TLSEXT_TYPE_opaque_prf_input - if (s->ctx->tlsext_opaque_prf_input_callback != 0 || s->tlsext_opaque_prf_input != NULL) - ssl2_compat = 0; -#endif - if (s->cert->cli_ext.meths_count != 0) - ssl2_compat = 0; - } -#endif buf=(unsigned char *)s->init_buf->data; if (s->state == SSL23_ST_CW_CLNT_HELLO_A) @@ -424,11 +369,6 @@ static int ssl23_client_hello(SSL *s) version_major = SSL3_VERSION_MAJOR; version_minor = SSL3_VERSION_MINOR; } - else if (version == SSL2_VERSION) - { - version_major = SSL2_VERSION_MAJOR; - version_minor = SSL2_VERSION_MINOR; - } else { SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_PROTOCOLS_AVAILABLE); 
@@ -437,169 +377,105 @@ static int ssl23_client_hello(SSL *s) s->client_version = version; - if (ssl2_compat) - { - /* create SSL 2.0 compatible Client Hello */ + /* create Client Hello in SSL 3.0/TLS 1.0 format */ - /* two byte record header will be written last */ - d = &(buf[2]); - p = d + 9; /* leave space for message type, version, individual length fields */ + /* do the record header (5 bytes) and handshake message header (4 bytes) last */ + d = p = &(buf[9]); + + *(p++) = version_major; + *(p++) = version_minor; - *(d++) = SSL2_MT_CLIENT_HELLO; - *(d++) = version_major; - *(d++) = version_minor; - - /* Ciphers supported */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),p,0); - if (i == 0) - { - /* no ciphers */ - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } - s2n(i,d); - p+=i; - - /* put in the session-id length (zero since there is no reuse) */ -#if 0 - s->session->session_id_length=0; -#endif - s2n(0,d); - - if (s->options & SSL_OP_NETSCAPE_CHALLENGE_BUG) - ch_len=SSL2_CHALLENGE_LENGTH; - else - ch_len=SSL2_MAX_CHALLENGE_LENGTH; - - /* write out sslv2 challenge */ - /* Note that ch_len must be <= SSL3_RANDOM_SIZE (32), - because it is one of SSL2_MAX_CHALLENGE_LENGTH (32) - or SSL2_MAX_CHALLENGE_LENGTH (16), but leave the - check in for futurproofing */ - if (SSL3_RANDOM_SIZE < ch_len) - i=SSL3_RANDOM_SIZE; - else - i=ch_len; - s2n(i,d); - memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); - if (RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i) <= 0) - return -1; - - memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); - p+=i; - - i= p- &(buf[2]); - buf[0]=((i>>8)&0xff)|0x80; - buf[1]=(i&0xff); - - /* number of bytes to write */ - s->init_num=i+2; - s->init_off=0; - - ssl3_finish_mac(s,&(buf[2]),i); - } - else - { - /* create Client Hello in SSL 3.0/TLS 1.0 format */ - - /* do the record header (5 bytes) and handshake message header (4 bytes) last */ - d = p = &(buf[9]); - - *(p++) = version_major; 
- *(p++) = version_minor; + /* Random stuff */ + memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); + p += SSL3_RANDOM_SIZE; - /* Random stuff */ - memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE); - p += SSL3_RANDOM_SIZE; + /* Session ID (zero since there is no reuse) */ + *(p++) = 0; - /* Session ID (zero since there is no reuse) */ - *(p++) = 0; - - /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ - i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); - if (i == 0) - { - SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); - return -1; - } + /* Ciphers supported (using SSL 3.0/TLS 1.0 format) */ + i=ssl_cipher_list_to_bytes(s,SSL_get_ciphers(s),&(p[2]),ssl3_put_cipher_by_char); + if (i == 0) + { + SSLerr(SSL_F_SSL23_CLIENT_HELLO,SSL_R_NO_CIPHERS_AVAILABLE); + return -1; + } #ifdef OPENSSL_MAX_TLS1_2_CIPHER_LENGTH - /* Some servers hang if client hello > 256 bytes - * as hack workaround chop number of supported ciphers - * to keep it well below this if we use TLS v1.2 - */ - if (TLS1_get_version(s) >= TLS1_2_VERSION - && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) - i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; + /* Some servers hang if client hello > 256 bytes + * as hack workaround chop number of supported ciphers + * to keep it well below this if we use TLS v1.2 + */ + if (TLS1_get_version(s) >= TLS1_2_VERSION + && i > OPENSSL_MAX_TLS1_2_CIPHER_LENGTH) + i = OPENSSL_MAX_TLS1_2_CIPHER_LENGTH & ~1; #endif - s2n(i,p); - p+=i; + s2n(i,p); + p+=i; - /* COMPRESSION */ + /* COMPRESSION */ #ifdef OPENSSL_NO_COMP - *(p++)=1; + *(p++)=1; #else - if (!ssl_allow_compression(s) || !s->ctx->comp_methods) - j=0; - else - j=sk_SSL_COMP_num(s->ctx->comp_methods); - *(p++)=1+j; - for (i=0; ictx->comp_methods,i); - *(p++)=comp->id; - } + if (!ssl_allow_compression(s) || !s->ctx->comp_methods) + j=0; + else + j=sk_SSL_COMP_num(s->ctx->comp_methods); + *(p++)=1+j; + for (i=0; i