[openssl-users] Disable SSL3 for Windows 32 Distros?

Jay Trombley jay at jaytrombley.net
Wed Jul 15 01:14:02 UTC 2015


Hello,

I've made several attempts to compile various versions of OpenSSL, the
latest being 1.0.2d for Win32.  Although many attempts to compile have been
successful and the dlls (and .exe) usable, I have not been able to
successfully disable SSLv3.

I attempted on a Windows 7 box using VC 2010. I can compile without no-ssl2
no-ssl3; however, when I try to use no-ssl3, I end up getting linker errors.
I notice that the ssleay32.def still has references to SSLv3 and SSLv23.
When I attempt to remove these and try to compile again, it continues to
fail.

When I could not make this work, I switched to Ubuntu and did a cross
compile using mingw.  In this case I can pass no-ssl2 and no-ssl3 (I even
tried disable-ssl2 disable-ssl3 disable-ssl3-method) and it all compiles
fine.  However, when I scan the application that is using the port, I can
still see SSLv3 is used (accepted for a few ciphers):

    Rejected  SSLv3  256 bits  ADH-AES256-SHA
    Rejected  SSLv3  256 bits  DHE-RSA-AES256-SHA
    Rejected  SSLv3  256 bits  DHE-DSS-AES256-SHA
    Accepted  SSLv3  256 bits  AES256-SHA
    Rejected  SSLv3  128 bits  ADH-AES128-SHA
    Rejected  SSLv3  128 bits  DHE-RSA-AES128-SHA
    Rejected  SSLv3  128 bits  DHE-DSS-AES128-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Rejected  SSLv3  168 bits  ADH-DES-CBC3-SHA
    Rejected  SSLv3   56 bits  ADH-DES-CBC-SHA
    Rejected  SSLv3   40 bits  EXP-ADH-DES-CBC-SHA
    Rejected  SSLv3  128 bits  ADH-RC4-MD5
    Rejected  SSLv3   40 bits  EXP-ADH-RC4-MD5
    Rejected  SSLv3  168 bits  EDH-RSA-DES-CBC3-SHA
    Rejected  SSLv3   56 bits  EDH-RSA-DES-CBC-SHA
    Rejected  SSLv3   40 bits  EXP-EDH-RSA-DES-CBC-SHA
    Rejected  SSLv3  168 bits  EDH-DSS-DES-CBC3-SHA
    Rejected  SSLv3   56 bits  EDH-DSS-DES-CBC-SHA
    Rejected  SSLv3   40 bits  EXP-EDH-DSS-DES-CBC-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Rejected  SSLv3   56 bits  DES-CBC-SHA
    Rejected  SSLv3   40 bits  EXP-DES-CBC-SHA
    Rejected  SSLv3  128 bits  IDEA-CBC-SHA
    Rejected  SSLv3   40 bits  EXP-RC2-CBC-MD5
    Rejected  SSLv3  128 bits  RC4-SHA
    Rejected  SSLv3  128 bits  RC4-MD5
    Rejected  SSLv3   40 bits  EXP-RC4-MD5
    Rejected  SSLv3    0 bits  NULL-SHA
    Rejected  SSLv3    0 bits  NULL-MD5

Is there a bug for Windows that prevents generating dlls that do not support
SSLv3?

If anyone has been able to compile it and confirmed no ssl3, I would really
appreciate any guidance (and a copy of your ssleay32.dll, libeay32.dll, and
openssl.exe).

Thanks in advance. 

Jay

----
Jay A Trombley, PMP

Office : +1 (802) 458-0814
Mobile : +1 (415) 238.4780
Fax : +1 (802) 329.2064
Skype : jay.trombley
Web : http://www.linkedin.com/in/jaytrombley
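
Added example (not part of the original post): a small post-build check that parses scan output in the format quoted in the message and fails when a protocol the build was meant to drop is still accepted. The sample lines are constructed, and the function names and the FORBIDDEN set are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the scan output quoted in the post.
SAMPLE_SCAN = """\
    Rejected  SSLv3  256 bits  DHE-RSA-AES256-SHA
    Accepted  SSLv3  256 bits  AES256-SHA
    Accepted  SSLv3  128 bits  AES128-SHA
    Rejected  SSLv3  128 bits  RC4-SHA
    Accepted  SSLv3  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Rejected  SSLv3    0 bits  NULL-SHA
"""

LINE_RE = re.compile(
    r"^\s*(?P<status>Accepted|Rejected)\s+(?P<proto>\S+)\s+"
    r"(?P<bits>\d+)\s+bits\s+(?P<cipher>\S+)\s*$"
)

# Assumption: protocols the build was configured to drop (no-ssl2 no-ssl3).
FORBIDDEN = {"SSLv2", "SSLv3"}

def parse_scan(text):
    """Return (status, proto, bits, cipher) tuples; non-matching lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m["status"], m["proto"], int(m["bits"]), m["cipher"]))
    return rows

def accepted_forbidden(rows, forbidden=FORBIDDEN):
    """Map each forbidden protocol to the ciphers the server still accepted."""
    hits = defaultdict(list)
    for status, proto, _bits, cipher in rows:
        if status == "Accepted" and proto in forbidden:
            hits[proto].append(cipher)
    return dict(hits)

def check(text):
    """Return 0 if no forbidden protocol was accepted, 1 otherwise."""
    hits = accepted_forbidden(parse_scan(text))
    for proto, ciphers in sorted(hits.items()):
        print(f"FAIL: {proto} still negotiated with: {', '.join(ciphers)}")
    return 1 if hits else 0

if __name__ == "__main__":
    raise SystemExit(check(SAMPLE_SCAN))
```

Run against a saved scan of the rebuilt binaries, the exit status can gate a build step: a non-zero result means the protocol is still being negotiated at runtime regardless of the configure flags used.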


