openssl s_client -connect gmail.com:443 -ssl3 not working


SSLv3 has been permanently disabled in the version of openssl distributed with Ubuntu 16.04, so the -ssl3 option no longer has any effect.

From /usr/share/doc/openssl/changelog.Debian.gz:

openssl (1.0.2g-1ubuntu1) xenial; urgency=medium

  * Merge with Debian, remaining changes.
    - Disable SSLv3 without changing ABI:
      + debian/patches/no-sslv3.patch: Disable SSLv3 without using the
        no-ssl3-method option
      + debian/rules: don't use no-ssl3-method, don't bump soname
      + debian/patches/engines-path.patch: don't bump soname
      + debian/patches/version-script.patch: don't bump soname
      + debian/patches/soname.patch: removed
      + debian/lib*: don't bump soname
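
An added example, not part of the original answer: it unpacks the hex code in an OpenSSL 1.0.x error line to tell a failure inside the local libssl (the `null ssl method passed` case in the question) from a refusal sent by the server as a TLS alert. The function names and the second sample line are constructed for illustration; the bit layout is that of `ERR_PACK` in OpenSSL 1.0.x/1.1.x and does not apply to OpenSSL 3.x.

```shell
#!/bin/sh
# Added example: decode an OpenSSL 1.0.x error line to see whether a failed
# s_client run died locally or because the peer sent a TLS alert.

# Print "lib func reason" (decimal) for a packed 1.0.x error code.
# Layout (ERR_PACK): 8 bits library, 12 bits function, 12 bits reason.
unpack_err() {
    code=$(( 0x$1 ))
    echo "$(( (code >> 24) & 0xff )) $(( (code >> 12) & 0xfff )) $(( code & 0xfff ))"
}

# Classify one stderr line of the form pid:error:HEX:lib:func:reason:file:line
classify_err_line() {
    hex=$(printf '%s\n' "$1" | cut -d: -f3)
    case "$hex" in
        ''|*[!0-9A-Fa-f]*) echo "unparsed"; return 0 ;;
    esac
    set -- $(unpack_err "$hex")
    lib=$1 reason=$3
    if [ "$lib" -ne 20 ]; then           # 20 = ERR_LIB_SSL
        echo "other"
    elif [ "$reason" -eq 196 ]; then     # SSL_R_NULL_SSL_METHOD_PASSED
        echo "local: protocol method not available in this libssl"
    elif [ "$reason" -ge 1000 ]; then    # 1000 + alert number sent by the peer
        echo "peer: alert $(( reason - 1000 ))"
    else
        echo "other"
    fi
}

# The error line from the question (Ubuntu 16.04, -ssl3).
PAGE_LINE='139903184385688:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1878'
# Constructed sample: a server refusing the handshake with alert 40.
SAMPLE_LINE='1234:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:0:'

classify_err_line "$PAGE_LINE"
classify_err_line "$SAMPLE_LINE"
```

A `local` result means no packet reached the server, so the outcome says nothing about whether the remote endpoint still accepts SSLv3.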
Author: Jayesh Patel

Updated on September 18, 2022

Comments

  • Jayesh Patel over 1 year

    I have installed Ubuntu 16.04 LTS on my laptop for my testing. I connect to gmail.com using the following command:

    openssl s_client -connect gmail.com:443 -ssl3
    

    But I get the following error:

    139903184385688:error:140A90C4:SSL routines:SSL_CTX_new:null ssl method passed:ssl_lib.c:1878

    Question:

    Am I missing any libraries to install? Or is the -ssl3 option no longer supported with openssl 1.0.2g-1ubuntu4.1?

    • Thomas Ward almost 8 years
      SSLv3 has a ton of security issues; you should be using TLS and not SSLv3
    • Selivanov Pavel about 7 years
      @ThomasWard : a lot of guys are still using it, and you need to work with these guys.
    • Thomas Ward about 7 years
      @SelivanovPavel Given that 16.04+ has SSLv3 intentionally disabled in OpenSSL, it's irrelevant. With SSLv3 disabled in OpenSSL, whether it's still 'used' or not is out the window, since newer systems can no longer support SSLv3. LibreSSL and others also have done the same thing, which makes SSLv3 effectively dead in terms of 'support'.
    • Selivanov Pavel about 7 years
      @ThomasWard I totally get disabling SSLv3 for new installations, but disabling client software functions is IMHO irresponsible. Here, in the messy real world, we are using php to connect to other guys' API, and they are still using SSLv3. And we cannot fix their setup in any way, probably not even if we use firearms. And here comes new libssl and it's broken and php curl extension uses it and it's broken and our service is broken and everybody dies in horrible agony. Except openssl maintainers of course, who are happily living in Equestria with friendly ponies.