diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c
--- sslscan-1.10.2.orig/sslscan.c 2014-02-14 16:59:08.000000000 +0200
+++ sslscan-1.10.2/sslscan.c 2016-03-02 22:24:34.714187733 +0200
@@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o
}
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " sslversion=\"");
+ if (0) {}
#ifndef OPENSSL_NO_SSL2
- if (sslCipherPointer->sslMethod == SSLv2_client_method())
+ else if (sslCipherPointer->sslMethod == SSLv2_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, "SSLv2\" bits=\"");
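Review bot: The bare `if (0) {}` added ahead of the `#ifndef OPENSSL_NO_SSL2` block reads like leftover debugging code and needs a comment explaining why it is there. Its only job is to let every protocol branch start with `else if`, whichever of the SSLv2/SSLv3 blocks the preprocessor removes. I would put `/* no-op head: lets each protocol branch below be an 'else if' regardless of OPENSSL_NO_SSL2 / OPENSSL_NO_SSL3 */` on the line above it. The same construct is added in the first defaultCipher hunk and wants the same comment; the branch chain itself continues outside this hunk.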
@@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o
else
printf("SSLv2 ");
}
- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
-#else
- if (sslCipherPointer->sslMethod == SSLv3_client_method())
#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (sslCipherPointer->sslMethod == SSLv3_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, "SSLv3\" bits=\"");
@@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o
else
printf("SSLv3 ");
}
+#endif
else if (sslCipherPointer->sslMethod == TLSv1_client_method())
{
if (options->xmlOutput != 0)
@@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions
cipherStatus = SSL_connect(ssl);
if (cipherStatus == 0 || cipherStatus == 1)
{
+ if (0) {}
#ifndef OPENSSL_NO_SSL2
- if (sslMethod == SSLv2_client_method())
+ else if (sslMethod == SSLv2_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
@@ -1248,10 +1250,9 @@ int defaultCipher(struct sslCheckOptions
else
printf(" SSLv2 ");
}
- else if (sslMethod == SSLv3_client_method())
-#else
- if (sslMethod == SSLv3_client_method())
#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (sslMethod == SSLv3_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
@@ -1260,6 +1261,7 @@ int defaultCipher(struct sslCheckOptions
else
printf(" SSLv3 ");
}
+#endif
else if (sslMethod == TLSv1_client_method())
{
if (options->xmlOutput != 0)
@@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt
if (status != false)
status = defaultCipher(options, SSLv2_client_method());
#endif
+#ifndef OPENSSL_NO_SSL3
if (status != false)
status = defaultCipher(options, SSLv3_client_method());
+#endif
if (status != false)
status = defaultCipher(options, TLSv1_client_method());
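Review bot: With OPENSSL_NO_SSL3 defined, this guard drops the SSLv3 default-cipher probe without telling the user, so a report with no SSLv3 lines looks the same as one for a server that refused SSLv3. For a scanner that is a false negative on a protocol people audit for specifically. An `#else` arm such as `printf("SSLv3 not tested: OpenSSL was built without SSLv3 support\n");` would make the gap visible in the output. The same applies to the guarded `populateCipherList(&options, SSLv3_client_method());` in main and to the `case ssl_v3:` hunk just below, which leaves an empty case so `status` keeps its earlier value. The SSLv2 guard visible in the context lines appears to be silent in the same way.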
@@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt
#endif
break;
case ssl_v3:
+#ifndef OPENSSL_NO_SSL3
status = defaultCipher(options, SSLv3_client_method());
+#endif
break;
case tls_v1:
status = defaultCipher(options, TLSv1_client_method());
@@ -2142,9 +2148,11 @@ int main(int argc, char *argv[])
options.sslVersion = ssl_v2;
#endif // #ifndef OPENSSL_NO_SSL2
+#ifndef OPENSSL_NO_SSL3
// SSL v3 only...
else if (strcmp("--ssl3", argv[argLoop]) == 0)
options.sslVersion = ssl_v3;
+#endif // #ifndef OPENSSL_NO_SSL3
// TLS v1 only...
else if (strcmp("--tls1", argv[argLoop]) == 0)
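Review bot: Compiling the `--ssl3` branch out means that on an OPENSSL_NO_SSL3 build the argument is no longer recognised and falls through to the rest of the option chain, which lies outside this hunk, so the result depends on branches not shown here. I would keep the `strcmp("--ssl3", ...)` test in both builds and, in the `#else` case, report it explicitly, for example `printf("--ssl3: this OpenSSL build has no SSLv3 support\n");`, then take the same path as any other rejected option. That way a scripted scan asking for SSLv3 fails loudly instead of running some other check and appearing to succeed.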
@@ -2249,7 +2257,9 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_SSL2
printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
#endif // #ifndef OPENSSL_NO_SSL2
+#ifndef OPENSSL_NO_SSL3
printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
+#endif // #ifndef OPENSSL_NO_SSL3
printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
#if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
printf(" %s--tls11%s Only check TLSv11 ciphers.\n", COL_GREEN, RESET);
@@ -2299,7 +2309,10 @@ int main(int argc, char *argv[])
populateCipherList(&options, SSLv2_client_method());
#endif
+#ifndef OPENSSL_NO_SSL3
populateCipherList(&options, SSLv3_client_method());
+#endif
+
populateCipherList(&options, TLSv1_client_method());
#if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
@@ -2313,9 +2326,11 @@ int main(int argc, char *argv[])
populateCipherList(&options, SSLv2_client_method());
break;
#endif
+#ifndef OPENSSL_NO_SSL3
case ssl_v3:
populateCipherList(&options, SSLv3_client_method());
break;
+#endif
case tls_v1:
populateCipherList(&options, TLSv1_client_method());
break;