Last active
May 26, 2025 03:29
-
-
Save bmaupin/8caca3a1e8c3c5686141 to your computer and use it in GitHub Desktop.
Build openssl (with SSLv2/3 support for security testing)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Cache sudo password | |
| sudo -v | |
| # Get latest OpenSSL 1.0.2 version from https://openssl.org/source/ | |
| # v1.1.0 seems to have removed SSLv2/3 support | |
| openssl_version=1.0.2k | |
| # Install build dependencies | |
| sudo apt -y install build-essential | |
| # Build OpenSSL | |
| wget https://openssl.org/source/openssl-$openssl_version.tar.gz | |
| tar -xvf openssl-$openssl_version.tar.gz | |
| cd openssl-$openssl_version | |
| # --prefix will make sure that make install copies the files locally instead of system-wide | |
| # --openssldir will make sure that the binary will look in the regular system location for openssl.cnf | |
| # no-shared builds a mostly static binary | |
| ./config --prefix=`pwd`/local --openssldir=/usr/lib/ssl enable-ssl2 enable-ssl3 no-shared | |
| make depend | |
| make | |
| # -i continues on errors, since make install may try to put some files in /usr/lib/ssl, which we don't want | |
| make -i install | |
| # Install just the binary so we can use s_client -ssl2 | |
| mkdir -p ~/bin | |
| sudo cp local/bin/openssl ~/bin/ | |
| # Cleanup | |
| cd .. | |
| rm -rf openssl-$openssl_version | |
| rm openssl-$openssl_version.tar.gz | |
| # (Optional) start a new login shell (to add ~/bin to the path, if necessary) | |
| bash -l | |
| # To test: | |
| # $ openssl s_client -connect google.com:443 -ssl2 >/dev/null | |
| # 139675635414688:error:1407F0E5:SSL routines:ssl2_write:ssl handshake failure:s2_pkt.c:412: | |
| # $ openssl s_client -connect google.com:443 -ssl3 >/dev/null | |
| # 140647504119456:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365: |
@scrapewww I have no idea. It might be best to ask the maintainers of that project.
Thank you very much for this script and for your answer on AskUbuntu (https://askubuntu.com/questions/893155/simple-way-of-enabling-sslv2-and-sslv3-in-openssl)! It saved me a bunch of time.
Note: you should first install prerequisites of compiling OpenSSL before all:
For ubuntu 18.04:
# perl modules, makedepends and gcc
sudo apt-get install make libtext-template-perl xutils-dev gcc
@NyaMisty Thanks for the suggestion! It seems the libtext and xutils packages aren't actually needed for this particular purpose, so I added a step to install build-essential instead.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Worked great.
Any way I can enable ssl2/3 from this while using anlutro/php-curl?