Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Build openssl (with SSLv2/3 support for security testing)
#!/bin/bash
# Get latest OpenSSL 1.0.2 version from https://openssl.org/source/
# v1.1.0 seems to have removed SSLv2/3 support
openssl_version=1.0.2k
# Build OpenSSL
wget https://openssl.org/source/openssl-$openssl_version.tar.gz
tar -xvf openssl-$openssl_version.tar.gz
cd openssl-$openssl_version
# --prefix will make sure that make install copies the files locally instead of system-wide
# --openssldir will make sure that the binary will look in the regular system location for openssl.cnf
# no-shared builds a mostly static binary
./config --prefix=`pwd`/local --openssldir=/usr/lib/ssl enable-ssl2 enable-ssl3 no-shared
make depend
make
# -i continues on errors, since make install may try to put some files in /usr/lib/ssl, which we don't want
make -i install
# Install just the binary so we can use s_client -ssl2
sudo cp local/bin/openssl /usr/local/bin/
# Cleanup
cd ..
rm -rf openssl-$openssl_version
rm openssl-$openssl_version.tar.gz
# To test:
# $ openssl s_client -connect google.com:443 -ssl2
# CONNECTED(00000003)
# 139675635414688:error:1407F0E5:SSL routines:ssl2_write:ssl handshake failure:s2_pkt.c:412:
# $ openssl s_client -connect google.com:443 -ssl3
# CONNECTED(00000003)
# 140647504119456:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
@scrapewww

This comment has been minimized.

Copy link

commented Aug 20, 2017

Worked great.
Any way I can enable ssl2/3 from this while using anlutro/php-curl?

@bmaupin

This comment has been minimized.

Copy link
Owner Author

commented Aug 30, 2018

@scrapewww I have no idea. It might be best to ask the maintainers of that project.

@lostpassword

This comment has been minimized.

Copy link

commented Jan 13, 2019

Thank you very much for this script and for your answer on AskUbuntu (https://askubuntu.com/questions/893155/simple-way-of-enabling-sslv2-and-sslv3-in-openssl)! It saved me a bunch of time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.