Is it just s_client that doesn't support SSLv3 for you, or is it
everything? SSLv3 seems to be disabled in s_client (the -ssl3 switch is no
longer accepted), but doesn't actually seem to be disabled in the library.

I built sslscan (https://github.com/rbsec/sslscan) against the latest
OpenSSL on a Debian sid system and although I got warnings
that OPENSSL_NO_SSL3 was set, it still connected fine to servers using SSLv3.

$ cat sslscan.c
<...>
#ifdef OPENSSL_NO_SSL3
            printf("\t\t%sOpenSSL version does not support SSLv3%s\n", COL_RED, RESET);
            printf("\t\t%sSSLv3 ciphers will not be detected%s\n", COL_RED, RESET);
#endif
<...>

$ make
gcc -Wall -L/usr/local/ssl/lib/ sslscan.c -I/usr/local/ssl/include/ -I/usr/local/ssl/include/openssl/ -lssl -lcrypto -o sslscan

$ ./sslscan --no-heartbleed --no-renegotiation --no-compression --ssl3 <target>
Version: 1.9.6-rbsec
OpenSSL 1.0.1j 15 Oct 2014

OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected

OpenSSL version does not support SSLv3
SSLv3 ciphers will not be detected

Testing SSL server <target> on port 443

  Supported Server Cipher(s):
Accepted  SSLv3    256 bits  AES256-SHA
Accepted  SSLv3    128 bits  AES128-SHA
Accepted  SSLv3    128 bits  RC4-SHA
Accepted  SSLv3    112 bits  DES-CBC3-SHA

$ dpkg -l
<...>
ii  openssl                        1.0.1j-1                      amd64
   Secure Sockets Layer toolkit - cryptographic utility
ii  libssl-dev:amd64               1.0.1j-1                      amd64
   Secure Sockets Layer toolkit - development files

$ /usr/bin/openssl version
OpenSSL 1.0.1j 15 Oct 2014
Am I doing something stupid here, or is the fix for CVE-2014-3568
incomplete?

~rbsec

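The post above shows a scanner deciding from a compile-time macro (OPENSSL_NO_SSL3) that SSLv3 cannot be tested, while the linked library still negotiates SSLv3 at runtime. The following is an added example, not code from the post or from the sslscan project: it parses the scan output shown in the message (reproduced here as a constructed sample with the hostname replaced by a placeholder), flags any SSLv2/SSLv3 cipher the server accepted, reports when the scanner's "does not support" claim contradicts what was actually negotiated, and builds a client context that refuses SSLv3 by explicit policy rather than by trusting how the library was built. It uses only Python's standard `re` and `ssl` modules; `ssl.HAS_SSLv3` is read with a fallback because older interpreters lack it.

```python
import re
import ssl

# Constructed sample: the sslscan output quoted in the post, with the real
# hostname replaced by a placeholder (example.invalid is reserved, never routable).
SAMPLE_SCAN_OUTPUT = """\
Version: 1.9.6-rbsec
OpenSSL 1.0.1j 15 Oct 2014

OpenSSL version does not support SSLv2
SSLv2 ciphers will not be detected

OpenSSL version does not support SSLv3
SSLv3 ciphers will not be detected

Testing SSL server example.invalid on port 443

  Supported Server Cipher(s):
Accepted  SSLv3    256 bits  AES256-SHA
Accepted  SSLv3    128 bits  AES128-SHA
Accepted  SSLv3    128 bits  RC4-SHA
Accepted  SSLv3    112 bits  DES-CBC3-SHA
"""

# One "Accepted <proto> <bits> bits <cipher>" line of sslscan's cipher table.
ACCEPTED_LINE = re.compile(
    r"^\s*Accepted\s+(?P<proto>SSLv2|SSLv3|TLSv1(?:\.\d)?)\s+"
    r"(?P<bits>\d+)\s+bits\s+(?P<cipher>\S+)\s*$"
)
# The warning sslscan prints when its OpenSSL build defines OPENSSL_NO_SSL2/3.
UNSUPPORTED_LINE = re.compile(
    r"^\s*OpenSSL version does not support (?P<proto>SSLv2|SSLv3)\s*$"
)

# Protocol versions a defender should always treat as a finding.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3"}


def parse_accepted(scan_output):
    """Return (protocol, bits, cipher) for every cipher the server accepted."""
    results = []
    for line in scan_output.splitlines():
        m = ACCEPTED_LINE.match(line)
        if m:
            results.append((m["proto"], int(m["bits"]), m["cipher"]))
    return results


def legacy_protocols_accepted(scan_output):
    """Legacy protocol versions the server actually negotiated, sorted."""
    return sorted({p for p, _, _ in parse_accepted(scan_output) if p in LEGACY_PROTOCOLS})


def claimed_unsupported(scan_output):
    """Protocol versions the scanner said its OpenSSL build could not speak."""
    return {m["proto"] for m in map(UNSUPPORTED_LINE.match, scan_output.splitlines()) if m}


def scanner_contradictions(scan_output):
    """Versions the scanner claimed it could not test but then negotiated anyway.

    A non-empty result means the compile-time OPENSSL_NO_* macro and the
    library's runtime behaviour disagree, which is what the post observed.
    """
    return sorted(claimed_unsupported(scan_output) & set(legacy_protocols_accepted(scan_output)))


def library_build_claims_sslv3():
    """What this interpreter's OpenSSL build says about SSLv3 (the runtime
    analogue of OPENSSL_NO_SSL3); None if the attribute is unavailable."""
    return getattr(ssl, "HAS_SSLv3", None)


def hardened_client_context():
    """Client context that refuses SSLv2/SSLv3 by explicit policy.

    Pinning the minimum version makes the refusal independent of whether the
    library was built with no-ssl3; PROTOCOL_TLS_CLIENT also sets OP_NO_SSLv3.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_refuses_sslv3(ctx):
    """True when the context will never offer or accept SSLv3."""
    return bool(ctx.options & ssl.OP_NO_SSLv3) and ctx.minimum_version >= ssl.TLSVersion.TLSv1


if __name__ == "__main__":
    print("legacy protocols accepted:", legacy_protocols_accepted(SAMPLE_SCAN_OUTPUT))
    print("scanner contradictions:", scanner_contradictions(SAMPLE_SCAN_OUTPUT))
    print("this build claims SSLv3 support:", library_build_claims_sslv3())
    print("hardened context refuses SSLv3:", context_refuses_sslv3(hardened_client_context()))
```

Run against the sample, `scanner_contradictions` returns `["SSLv3"]`: the scanner warned that SSLv3 could not be detected and then listed four SSLv3 ciphers as accepted. The useful defensive habit is the last function: treat the negotiated version reported after a handshake, and an explicit minimum-version policy in your own clients, as the source of truth, and treat a build-time macro only as a hint.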