Hi,
The attached patches filter the -ssl2/-ssl3/-tls1 options based on the
supported protocols compiled into the tools.
The patches apply to openssl-1.0.1e and openssl-1.0.0k.
Many thanks,
Mike
diff -ru openssl-1.0.0k/apps/ciphers.c openssl-1.0.0k-new/apps/ciphers.c
--- openssl-1.0.0k/apps/ciphers.c 2013-02-05 11:58:46.000000000 +0000
+++ openssl-1.0.0k-new/apps/ciphers.c 2013-06-24 11:50:11.000000000 +0100
@@ -73,9 +73,15 @@
"usage: ciphers args\n",
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in
OpenSSL\n",
" -V - even more verbose\n",
+#ifndef OPENSSL_NO_SSL2
" -ssl2 - SSL2 mode\n",
+#endif
+#ifndef OPENSSL_NO_SSL3
" -ssl3 - SSL3 mode\n",
+#endif
+#ifndef OPENSSL_NO_TLS1
" -tls1 - TLS1 mode\n",
+#endif
NULL
};
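Review bot: Guarding only the usage strings for `-ssl2`, `-ssl3` and `-tls1` in this table hides the options from the help output but does not by itself stop the tool from accepting them. The argument-parsing code is outside this hunk, so it cannot be confirmed here that each option branch sits under the same macro. If one does not, wrap it the same way, e.g. `#ifndef OPENSSL_NO_SSL2` ... `#endif` around the `-ssl2` case, so that a build which compiles out a legacy protocol both hides and rejects the flag. The same check applies to the s_client.c, s_server.c and s_time.c hunks and to the openssl-1.0.1e copies; the array these strings belong to begins above the hunk.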
diff -ru openssl-1.0.0k/apps/s_client.c openssl-1.0.0k-new/apps/s_client.c
--- openssl-1.0.0k/apps/s_client.c 2013-02-05 11:58:46.000000000 +0000
+++ openssl-1.0.0k-new/apps/s_client.c 2013-06-24 11:50:19.000000000 +0100
@@ -316,11 +316,20 @@
BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
# endif
#endif
+#ifndef OPENSSL_NO_SSL2
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS1
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
- BIO_printf(bio_err," -mtu - set the link layer MTU\n");
+ BIO_printf(bio_err," -timeout - Enable timeouts for DTLSv1\n");
+ BIO_printf(bio_err," -mtu - Set link layer MTU for DTLSv1\n");
+#endif
BIO_printf(bio_err," -no_tls1/-no_ssl3/-no_ssl2 - turn off that
protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation
bug workarounds\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences
(only SSLv2)\n");
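Review bot: The added `-timeout` usage line is new to s_client's help text rather than a filtered existing line, while the patch description mentions only filtering of -ssl2/-ssl3/-tls1. The option handling is outside the hunk, so it should be confirmed that s_client actually accepts `-timeout`. With `-mtu` and `-timeout` now under `#ifndef OPENSSL_NO_DTLS1`, their parser branches need the same guard so that help and behaviour agree. The openssl-1.0.1e s_client.c hunk makes the same change and needs the same check.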
diff -ru openssl-1.0.0k/apps/s_server.c openssl-1.0.0k-new/apps/s_server.c
--- openssl-1.0.0k/apps/s_server.c 2013-02-05 11:58:46.000000000 +0000
+++ openssl-1.0.0k-new/apps/s_server.c 2013-06-24 11:50:23.000000000 +0100
@@ -456,12 +456,20 @@
BIO_printf(bio_err," -jpake arg - JPAKE secret to use\n");
# endif
#endif
+#ifndef OPENSSL_NO_SSL2
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS1
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
- BIO_printf(bio_err," -timeout - Enable timeouts\n");
- BIO_printf(bio_err," -mtu - Set link layer MTU\n");
+ BIO_printf(bio_err," -timeout - Enable timeouts for DTLSv1\n");
+ BIO_printf(bio_err," -mtu - Set link layer MTU for DTLSv1\n");
+#endif
BIO_printf(bio_err," -chain - Read a certificate chain\n");
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
diff -ru openssl-1.0.0k/apps/s_time.c openssl-1.0.0k-new/apps/s_time.c
--- openssl-1.0.0k/apps/s_time.c 2013-02-05 11:47:28.000000000 +0000
+++ openssl-1.0.0k-new/apps/s_time.c 2013-06-24 11:50:35.000000000 +0100
@@ -186,8 +186,12 @@
printf("-connect host:port - host:port to connect to (default is
%s)\n",SSL_CONNECT_NAME);
#ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n");
+#ifndef OPENSSL_NO_SSL2
printf("-ssl2 - Just use SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
printf("-ssl3 - Just use SSLv3\n");
+#endif
printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n");
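Review bot: The new `#ifndef OPENSSL_NO_SSL2` and `#ifndef OPENSSL_NO_SSL3` pairs sit inside the `#ifdef FIONBIO` opened just above them, but are written at column 0, whereas nested directives in this patch's own context use the indented form (`# endif` in the s_client.c hunk). Writing them as `# ifndef OPENSSL_NO_SSL2` and `# endif` would make the nesting visible. The nesting also means the `-ssl2`/`-ssl3` help lines are printed only when FIONBIO is defined; the closing `#endif` for FIONBIO is outside the hunk, so that appears to be pre-existing layout rather than something this patch introduces. The openssl-1.0.1e s_time.c hunk is identical.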
diff -ru openssl-1.0.1e/apps/ciphers.c openssl-1.0.1e-new/apps/ciphers.c
--- openssl-1.0.1e/apps/ciphers.c 2013-02-11 15:26:04.000000000 +0000
+++ openssl-1.0.1e-new/apps/ciphers.c 2013-06-24 11:56:49.000000000 +0100
@@ -73,9 +73,15 @@
"usage: ciphers args\n",
" -v - verbose mode, a textual listing of the SSL/TLS ciphers in
OpenSSL\n",
" -V - even more verbose\n",
+#ifndef OPENSSL_NO_SSL2
" -ssl2 - SSL2 mode\n",
+#endif
+#ifndef OPENSSL_NO_SSL3
" -ssl3 - SSL3 mode\n",
+#endif
+#ifndef OPENSSL_NO_TLS1
" -tls1 - TLS1 mode\n",
+#endif
NULL
};
diff -ru openssl-1.0.1e/apps/s_client.c openssl-1.0.1e-new/apps/s_client.c
--- openssl-1.0.1e/apps/s_client.c 2013-02-11 15:26:04.000000000 +0000
+++ openssl-1.0.1e-new/apps/s_client.c 2013-06-24 11:58:25.000000000 +0100
@@ -329,13 +329,22 @@
BIO_printf(bio_err," -srp_moregroups - Tolerate other than the known
g N values.\n");
BIO_printf(bio_err," -srp_strength int - minimal mength in bits for N
(default %d).\n",SRP_MINIMAL_N);
#endif
+#ifndef OPENSSL_NO_SSL2
BIO_printf(bio_err," -ssl2 - just use SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
BIO_printf(bio_err," -ssl3 - just use SSLv3\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
BIO_printf(bio_err," -tls1_2 - just use TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - just use TLSv1.1\n");
BIO_printf(bio_err," -tls1 - just use TLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS1
BIO_printf(bio_err," -dtls1 - just use DTLSv1\n");
- BIO_printf(bio_err," -mtu - set the link layer MTU\n");
+ BIO_printf(bio_err," -timeout - Enable timeouts for DTLSv1\n");
+ BIO_printf(bio_err," -mtu - Set link layer MTU for DTLSv1\n");
+#endif
BIO_printf(bio_err," -no_tls1_2/-no_tls1_1/-no_tls1/-no_ssl3/-no_ssl2 -
turn off that protocol\n");
BIO_printf(bio_err," -bugs - Switch on all SSL implementation
bug workarounds\n");
BIO_printf(bio_err," -serverpref - Use server's cipher preferences
(only SSLv2)\n");
diff -ru openssl-1.0.1e/apps/s_server.c openssl-1.0.1e-new/apps/s_server.c
--- openssl-1.0.1e/apps/s_server.c 2013-02-11 15:26:04.000000000 +0000
+++ openssl-1.0.1e-new/apps/s_server.c 2013-06-24 11:59:05.000000000 +0100
@@ -513,14 +513,22 @@
BIO_printf(bio_err," -srpvfile file - The verifier file for
SRP\n");
BIO_printf(bio_err," -srpuserseed string - A seed string for a default
user salt.\n");
#endif
+#ifndef OPENSSL_NO_SSL2
BIO_printf(bio_err," -ssl2 - Just talk SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
BIO_printf(bio_err," -ssl3 - Just talk SSLv3\n");
+#endif
+#ifndef OPENSSL_NO_TLS1
BIO_printf(bio_err," -tls1_2 - Just talk TLSv1.2\n");
BIO_printf(bio_err," -tls1_1 - Just talk TLSv1.1\n");
BIO_printf(bio_err," -tls1 - Just talk TLSv1\n");
+#endif
+#ifndef OPENSSL_NO_DTLS1
BIO_printf(bio_err," -dtls1 - Just talk DTLSv1\n");
- BIO_printf(bio_err," -timeout - Enable timeouts\n");
- BIO_printf(bio_err," -mtu - Set link layer MTU\n");
+ BIO_printf(bio_err," -timeout - Enable timeouts for DTLSv1\n");
+ BIO_printf(bio_err," -mtu - Set link layer MTU for DTLSv1\n");
+#endif
BIO_printf(bio_err," -chain - Read a certificate chain\n");
BIO_printf(bio_err," -no_ssl2 - Just disable SSLv2\n");
BIO_printf(bio_err," -no_ssl3 - Just disable SSLv3\n");
diff -ru openssl-1.0.1e/apps/s_time.c openssl-1.0.1e-new/apps/s_time.c
--- openssl-1.0.1e/apps/s_time.c 2013-02-11 15:26:04.000000000 +0000
+++ openssl-1.0.1e-new/apps/s_time.c 2013-06-24 11:56:49.000000000 +0100
@@ -186,8 +186,12 @@
printf("-connect host:port - host:port to connect to (default is
%s)\n",SSL_CONNECT_NAME);
#ifdef FIONBIO
printf("-nbio - Run with non-blocking IO\n");
+#ifndef OPENSSL_NO_SSL2
printf("-ssl2 - Just use SSLv2\n");
+#endif
+#ifndef OPENSSL_NO_SSL3
printf("-ssl3 - Just use SSLv3\n");
+#endif
printf("-bugs - Turn on SSL bug compatibility\n");
printf("-new - Just time new connections\n");
printf("-reuse - Just time connection reuse\n");