[openssl-users] About no-ssl2
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Mar 16 22:58:56 UTC 2016
On Wed, Mar 16, 2016 at 10:52:39PM +0000, Richard Moore wrote:
> On 16 March 2016 at 22:39, Viktor Dukhovni <openssl-users at dukhovni.org>
> wrote:
>
> > On Wed, Mar 16, 2016 at 11:32:28PM +0100, Michel wrote:
> > OpenSSL 1.1.0 has no vestigial SSLv2 code, and so nothing to disable
> > with OPENSSL_NO_SSL2. The "OPENSSL_NO_..." macros specify disabled
> > features, not deleted code.
> >
>
> That's the major flaw of the current design of flagging when features are
> disabled rather than when they're present. I'm sure you'll get plenty more
> reports like this.
Use feature probing via autoconf, or just:
#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(OPENSSL_NO_SSL2)
/* SSLv2 available */
#else
/* SSLv2 not available */
#endif
Better yet, drop support for SSLv2, and then you don't care whether OpenSSL
provides it or not.
--
Viktor.
More information about the openssl-users
mailing list