[openssl-users] Getting error 'SSLv2_client_method': identifier not found

Mon Jun 27 20:39:50 UTC 2016

"Unsafe for SAFESEH" is a completely different error:

It means that at least one file or library in your program was either 
not compiled with the /SAFESEH switch or is an assembler module without 
the magic incantation to tell the linker it contains no Structured 
Exeption Handlers.In either case, it only occurs if you try to link with 
the /SAFESEH linker switch despite the inclusion of such object file(s).

On 27/06/2016 22:08, Tony Girgenti wrote:
>
> Michael,
>
> Thank you for your explanation of where my program is and what I 
> should do to continue using some kind of SSL.
>
> I first need to figure out how this program uses SSL.  Then I can go 
> ahead and try to use TLSv1.2.
>
> I did try to use "SSLv23_client_method" and got the same compile error 
> “LNK2026          module unsafe for SAFESEH image.”.
>
> *From:* openssl-users [mailto:openssl-users-bounces at openssl.org] *On 
> Behalf Of *Michael Wojcik
> *Sent:* Monday, June 27, 2016 3:50 PM
> *To:* openssl-users at openssl.org
> *Subject:* Re: [openssl-users] Getting error 'SSLv2_client_method': 
> identifier not found
>
> SSLv2 is no longer supported, and neither are the SSLv2_*_method 
> calls. (And yes, this causes build problems when updating to newer 
> OpenSSL builds; and while that causes some pain, it was the Right 
> Thing to do.)
>
> As Rich said, don't use SSLv2. Don't use SSLv3. If you can help it, 
> don't use anything older than TLSv1.2.
>
> The simplest fix is to change "SSLv2_client_method" to 
> "SSLv23_client_method". (Inserting a single character; can't get much 
> simpler than that.) But since you really don't want to talk to a 
> server that only supports SSLv3, you might as well use 
> TLSv1_client_method instead, or even better TLSv1_2_client_method. 
> Since we have no idea what your program does, or what it has to 
> interoperate with, we can't offer any more-specific advice.
>
> SSLv23_client_method will use the old SSL-format ClientHello, but will 
> (barring more-restrictive options set using SSL_CTX_set_options or 
> similar) use later protocol versions for the actual conversation if 
> the server supports them.
>
> All that said, by far the best approach is to learn how TLS and 
> OpenSSL work, so you can make an informed decision. TLS is agonizingly 
> complicated and a minefield of security holes, and TLS applications 
> maintained by people who don't have the necessary specialized 
> knowledge are very likely to be severely insecure. For example, they 
> may try to use SSLv2, which has been broken for a couple of decades. 
> (That is, it's been broken for as long as it existed, but it's been 
> widely known to be broken since the mid-1990s.)
>
> Feistyduck.com has a free "OpenSSL cookbook" ebook which is a decent 
> introduction.
>
> *From:*openssl-users [mailto:openssl-users-bounces at openssl.org] *On 
> Behalf Of *Tony Girgenti
> *Sent:* Monday, June 27, 2016 13:09
> *To:* openssl-users at openssl.org <mailto:openssl-users at openssl.org>
> *Subject:* [openssl-users] Getting error 'SSLv2_client_method': 
> identifier not found
>
> Hello,
>
> I migrated a Visual Studio 6.0 C++ program to Visual Studio 2015 C++.  
> The program uses OpenSSL.  I have downloaded and installed 
> OpenSSL-Win32 version 1.0.2g.
>
> I’m trying to figure what I need to do to fix the error I am getting 
> on this line: m_pSSLctx = SSL_CTX_new(SSLv2_client_method());
>
>

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160627/ae925daf/attachment.html>