1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
--- a/rrs.c 2019-01-17 12:36:21.134181933 +0300
+++ b/rrs.c 2019-01-17 12:37:56.133181353 +0300
@@ -186,11 +186,9 @@
" can change it with, e.g., --ssl=tlsv1 for instance, or\n"
" the -S option.\n"
" -S, --ssl=method Choose OpenSSL protocol (case doesn't matter):\n"
-" -S SSLv2\n"
-" -S SSLv3\n"
" -S TLSv1\n"
" If you use --ssl instead of -S, please remember to use\n"
-" the equal sign, e.g., --ssl=sslv3.\n"
+" the equal sign, e.g., --ssl=tlsv1.\n"
" -P, --pem file Specify private key and certificate (public key) file.\n"
" The file should begin with a PEM encoded private key\n"
" followed by a PEM encoded certificate. Both the\n"
@@ -336,8 +334,8 @@
/****** various other global variables ******/
#if ! defined(WITHOUT_SSL)
- enum { none, TLSv1, SSLv3, SSLv2 } rrs_ssl = none;
- char *sslprotocols[] = { "none", "TLSv1", "SSLv3", "SSLv2" };
+ enum { none, TLSv1 } rrs_ssl = none;
+ char *sslprotocols[] = { "none", "TLSv1" };
#endif
unsigned int sourceport = 0,
@@ -1826,11 +1824,7 @@
}
rrs_ssl = TLSv1;
if (optarg) {
- if (!strcasecmp(optarg, "SSLv2")) {
- rrs_ssl = SSLv2;
- } else if (!strcasecmp(optarg, "SSLv3")) {
- rrs_ssl = SSLv3;
- } else if (!strcasecmp(optarg, "TLSv1")) {
+ if (!strcasecmp(optarg, "TLSv1")) {
rrs_ssl = TLSv1;
} else {
fprintf(stderr, "[?] not supported ssl protocol: %s\n", optarg);
@@ -1981,22 +1975,14 @@
SSL_load_error_strings();
if (rrs_listen) {
- if (rrs_ssl == SSLv2) {
- sslmethod = SSLv2_server_method();
- } else if (rrs_ssl == SSLv3) {
- sslmethod = SSLv3_server_method();
- } else if (rrs_ssl == TLSv1) {
+ if (rrs_ssl == TLSv1) {
sslmethod = TLSv1_server_method();
} else {
fprintf(stderr, "[?] huh? rrs_ssl = 0x%08x\n", (unsigned int)sslmethod);
return err_generic;
}
} else {
- if (rrs_ssl == SSLv2) {
- sslmethod = SSLv2_client_method();
- } else if (rrs_ssl == SSLv3) {
- sslmethod = SSLv3_client_method();
- } else if (rrs_ssl == TLSv1) {
+ if (rrs_ssl == TLSv1) {
sslmethod = TLSv1_client_method();
} else {
fprintf(stderr, "[?] huh? rrs_ssl = 0x%08x\n", (unsigned int)sslmethod);
|