diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c
--- sslscan-1.10.2.orig/sslscan.c 2014-02-14 16:59:08.000000000 +0200
+++ sslscan-1.10.2/sslscan.c 2016-03-02 22:24:34.714187733 +0200
@@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o
}
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " sslversion=\"");
+ if (0) {}
#ifndef OPENSSL_NO_SSL2
- if (sslCipherPointer->sslMethod == SSLv2_client_method())
+ else if (sslCipherPointer->sslMethod == SSLv2_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, "SSLv2\" bits=\"");
@@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o
else
printf("SSLv2 ");
}
- else if (sslCipherPointer->sslMethod == SSLv3_client_method())
-#else
- if (sslCipherPointer->sslMethod == SSLv3_client_method())
#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (sslCipherPointer->sslMethod == SSLv3_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, "SSLv3\" bits=\"");
@@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o
else
printf("SSLv3 ");
}
+#endif
else if (sslCipherPointer->sslMethod == TLSv1_client_method())
{
if (options->xmlOutput != 0)
@@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions
cipherStatus = SSL_connect(ssl);
if (cipherStatus == 0 || cipherStatus == 1)
{
+ if (0) {}
#ifndef OPENSSL_NO_SSL2
- if (sslMethod == SSLv2_client_method())
+ else if (sslMethod == SSLv2_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv2\" bits=\"");
@@ -1248,10 +1250,9 @@ int defaultCipher(struct sslCheckOptions
else
printf(" SSLv2 ");
}
- else if (sslMethod == SSLv3_client_method())
-#else
- if (sslMethod == SSLv3_client_method())
#endif
+#ifndef OPENSSL_NO_SSL3
+ else if (sslMethod == SSLv3_client_method())
{
if (options->xmlOutput != 0)
fprintf(options->xmlOutput, " <defaultcipher sslversion=\"SSLv3\" bits=\"");
@@ -1260,6 +1261,7 @@ int defaultCipher(struct sslCheckOptions
else
printf(" SSLv3 ");
}
+#endif
else if (sslMethod == TLSv1_client_method())
{
if (options->xmlOutput != 0)
@@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt
if (status != false)
status = defaultCipher(options, SSLv2_client_method());
#endif
+#ifndef OPENSSL_NO_SSL3
if (status != false)
status = defaultCipher(options, SSLv3_client_method());
+#endif
if (status != false)
status = defaultCipher(options, TLSv1_client_method());
@@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt
#endif
break;
case ssl_v3:
+#ifndef OPENSSL_NO_SSL3
status = defaultCipher(options, SSLv3_client_method());
+#endif
break;
case tls_v1:
status = defaultCipher(options, TLSv1_client_method());
@@ -2142,9 +2148,11 @@ int main(int argc, char *argv[])
options.sslVersion = ssl_v2;
#endif // #ifndef OPENSSL_NO_SSL2
+#ifndef OPENSSL_NO_SSL3
// SSL v3 only...
else if (strcmp("--ssl3", argv[argLoop]) == 0)
options.sslVersion = ssl_v3;
+#endif // #ifndef OPENSSL_NO_SSL3
// TLS v1 only...
else if (strcmp("--tls1", argv[argLoop]) == 0)
@@ -2249,7 +2257,9 @@ int main(int argc, char *argv[])
#ifndef OPENSSL_NO_SSL2
printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET);
#endif // #ifndef OPENSSL_NO_SSL2
+#ifndef OPENSSL_NO_SSL3
printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET);
+#endif // #ifndef OPENSSL_NO_SSL3
printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET);
#if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
printf(" %s--tls11%s Only check TLSv11 ciphers.\n", COL_GREEN, RESET);
@@ -2299,7 +2309,10 @@ int main(int argc, char *argv[])
populateCipherList(&options, SSLv2_client_method());
#endif
+#ifndef OPENSSL_NO_SSL3
populateCipherList(&options, SSLv3_client_method());
+#endif
+
populateCipherList(&options, TLSv1_client_method());
#if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL
@@ -2313,9 +2326,11 @@ int main(int argc, char *argv[])
populateCipherList(&options, SSLv2_client_method());
break;
#endif
+#ifndef OPENSSL_NO_SSL3
case ssl_v3:
populateCipherList(&options, SSLv3_client_method());
break;
+#endif
case tls_v1:
populateCipherList(&options, TLSv1_client_method());
break;
|
