Skip to content

Instantly share code, notes, and snippets.

Last active December 11, 2023 20:24
Show Gist options
  • Save bmaupin/8caca3a1e8c3c5686141 to your computer and use it in GitHub Desktop.
Save bmaupin/8caca3a1e8c3c5686141 to your computer and use it in GitHub Desktop.
Build openssl (with SSLv2/3 support for security testing)
# Cache sudo password
sudo -v
# Get latest OpenSSL 1.0.2 version from
# v1.1.0 seems to have removed SSLv2/3 support
# Install build dependencies
sudo apt -y install build-essential
# Build OpenSSL
tar -xvf openssl-$openssl_version.tar.gz
cd openssl-$openssl_version
# --prefix will make sure that make install copies the files locally instead of system-wide
# --openssldir will make sure that the binary will look in the regular system location for openssl.cnf
# no-shared builds a mostly static binary
./config --prefix=`pwd`/local --openssldir=/usr/lib/ssl enable-ssl2 enable-ssl3 no-shared
make depend
# -i continues on errors, since make install may try to put some files in /usr/lib/ssl, which we don't want
make -i install
# Install just the binary so we can use s_client -ssl2
mkdir -p ~/bin
sudo cp local/bin/openssl ~/bin/
# Cleanup
cd ..
rm -rf openssl-$openssl_version
rm openssl-$openssl_version.tar.gz
# (Optional) start a new login shell (to add ~/bin to the path, if necessary)
bash -l
# To test:
# $ openssl s_client -connect -ssl2 >/dev/null
# 139675635414688:error:1407F0E5:SSL routines:ssl2_write:ssl handshake failure:s2_pkt.c:412:
# $ openssl s_client -connect -ssl3 >/dev/null
# 140647504119456:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
Copy link

Worked great.
Any way I can enable ssl2/3 from this while using anlutro/php-curl?

Copy link

bmaupin commented Aug 30, 2018

@scrapewww I have no idea. It might be best to ask the maintainers of that project.

Copy link

Thank you very much for this script and for your answer on AskUbuntu (! It saved me a bunch of time.

Copy link

NyaMisty commented Jan 7, 2020

Note: you should first install prerequisites of compiling OpenSSL before all:
For ubuntu 18.04:

# perl modules, makedepends and gcc
sudo apt-get install make libtext-template-perl xutils-dev gcc

Copy link

bmaupin commented Feb 20, 2020

@NyaMisty Thanks for the suggestion! It seems the libtext and xutils packages aren't actually needed for this particular purpose, so I added a step to install build-essential instead.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment