Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Build openssl (with SSLv2/3 support for security testing)
# Get latest OpenSSL 1.0.2 version from
# v1.1.0 seems to have removed SSLv2/3 support
# Build OpenSSL
tar -xvf openssl-$openssl_version.tar.gz
cd openssl-$openssl_version
# --prefix will make sure that make install copies the files locally instead of system-wide
# --openssldir will make sure that the binary will look in the regular system location for openssl.cnf
# no-shared builds a mostly static binary
./config --prefix=`pwd`/local --openssldir=/usr/lib/ssl enable-ssl2 enable-ssl3 no-shared
make depend
# -i continues on errors, since make install may try to put some files in /usr/lib/ssl, which we don't want
make -i install
# Install just the binary so we can use s_client -ssl2
sudo cp local/bin/openssl /usr/local/bin/
# Cleanup
cd ..
rm -rf openssl-$openssl_version
rm openssl-$openssl_version.tar.gz
# To test:
# $ openssl s_client -connect -ssl2
# CONNECTED(00000003)
# 139675635414688:error:1407F0E5:SSL routines:ssl2_write:ssl handshake failure:s2_pkt.c:412:
# $ openssl s_client -connect -ssl3
# CONNECTED(00000003)
# 140647504119456:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:

This comment has been minimized.

Copy link

scrapewww commented Aug 20, 2017

Worked great.
Any way I can enable ssl2/3 from this while using anlutro/php-curl?


This comment has been minimized.

Copy link
Owner Author

bmaupin commented Aug 30, 2018

@scrapewww I have no idea. It might be best to ask the maintainers of that project.


This comment has been minimized.

Copy link

lostpassword commented Jan 13, 2019

Thank you very much for this script and for your answer on AskUbuntu (! It saved me a bunch of time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.