[openssl-users] Getting error 'SSLv2_client_method': identifier not found

Michael Wojcik Michael.Wojcik at microfocus.com
Mon Jun 27 19:49:51 UTC 2016 

SSLv2 is no longer supported, and neither are the SSLv2_*_method calls. (And yes, this causes build problems when updating to newer OpenSSL builds; and while that causes some pain, it was the Right Thing to do.)

As Rich said, don't use SSLv2. Don't use SSLv3. If you can help it, don't use anything older than TLSv1.2.

The simplest fix is to change "SSLv2_client_method" to "SSLv23_client_method". (Inserting a single character; can't get much simpler than that.) But since you really don't want to talk to a server that only supports SSLv3, you might as well use TLSv1_client_method instead, or even better TLSv1_2_client_method. Since we have no idea what your program does, or what it has to interoperate with, we can't offer any more-specific advice.

SSLv23_client_method will use the old SSL-format ClientHello, but will (barring more-restrictive options set using SSL_CTX_set_options or similar) use later protocol versions for the actual conversation if the server supports them.

All that said, by far the best approach is to learn how TLS and OpenSSL work, so you can make an informed decision. TLS is agonizingly complicated and a minefield of security holes, and TLS applications maintained by people who don't have the necessary specialized knowledge are very likely to be severely insecure. For example, they may try to use SSLv2, which has been broken for a couple of decades. (That is, it's been broken for as long as it existed, but it's been widely known to be broken since the mid-1990s.)

Feistyduck.com has a free "OpenSSL cookbook" ebook which is a decent introduction.

Michael Wojcik
Technology Specialist, Micro Focus


From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Tony Girgenti
Sent: Monday, June 27, 2016 13:09
To: openssl-users at openssl.org
Subject: [openssl-users] Getting error 'SSLv2_client_method': identifier not found

Hello,

I migrated a Visual Studio 6.0 C++ program to Visual Studio 2015 C++.  The program uses OpenSSL.  I have downloaded and installed OpenSSL-Win32 version 1.0.2g.

I’m trying to figure what I need to do to fix the error I am getting on this line: m_pSSLctx = SSL_CTX_new(SSLv2_client_method());

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160627/78a22dfc/attachment.html>

More information about the openssl-users mailing list