
ssl2 removed

mom040267 11 ani în urmă
părinte
comite
b3098cd71d

+ 0 - 8
src/apps/common/apputils.c

@@ -827,14 +827,6 @@ static const char* turn_get_method(const SSL_METHOD *method, const char* mdefaul
 			return mdefault;
 		else {
 
-#ifndef OPENSSL_NO_SSL2
-			if(method == SSLv2_server_method()) {
-					return "SSLv2";
-			} else if(method == SSLv2_client_method()) {
-					return "SSLv2";
-			} else
-#endif
-
 			if(method == SSLv3_server_method()) {
 				return "SSLv3";
 			} else if(method == SSLv3_client_method()) {

+ 4 - 7
src/apps/relay/mainrelay.c

@@ -81,7 +81,6 @@ NULL,
 
 DH_1066, "", "", "",
 "turn_server_cert.pem","turn_server_pkey.pem", "", "",
-1,
 0,0,0,0,
 #if !TLS_SUPPORTED
 1,
@@ -705,7 +704,7 @@ enum EXTRA_OPTS {
 	DH566_OPT,
 	DH2066_OPT,
 	NE_TYPE_OPT,
-	NO_SSLV2_OPT,
+	NO_SSLV2_OPT, /*deprecated*/
 	NO_SSLV3_OPT,
 	NO_TLSV1_OPT,
 	NO_TLSV1_1_OPT,
@@ -828,7 +827,7 @@ static const struct myoption long_options[] = {
 				{ "dh566", optional_argument, NULL, DH566_OPT },
 				{ "dh2066", optional_argument, NULL, DH2066_OPT },
 				{ "ne", required_argument, NULL, NE_TYPE_OPT },
-				{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT },
+				{ "no-sslv2", optional_argument, NULL, NO_SSLV2_OPT }, /* deprecated */
 				{ "no-sslv3", optional_argument, NULL, NO_SSLV3_OPT },
 				{ "no-tlsv1", optional_argument, NULL, NO_TLSV1_OPT },
 				{ "no-tlsv1_1", optional_argument, NULL, NO_TLSV1_1_OPT },
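Review bot: The `no-sslv2` entry in `long_options` is still accepted, but the bare `/* deprecated */` comment does not say what the option does now. With `turn_params.no_sslv2` removed in mainrelay.h and SSLv2 disabled unconditionally in `set_ctx`, the option presumably has no effect any more. The code that handles `NO_SSLV2_OPT` is not part of this diff, so confirm it no longer assigns the removed field and does not treat the option as unknown. I would write the comment as `/* deprecated: accepted for backward compatibility, SSLv2 is always disabled */`, both here and on the `NO_SSLV2_OPT` enum value in the previous hunk. The `long_options` array starts and continues outside the hunk.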
@@ -2531,12 +2530,10 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol)
 	{
 		int op = 0;
 
-#if !defined(OPENSSL_NO_SSL2)
 #if defined(SSL_OP_NO_SSLv2)
-		if(turn_params.no_sslv2)
-			op |= SSL_OP_NO_SSLv2;
-#endif
+		op |= SSL_OP_NO_SSLv2;
 #endif
+
 		if(turn_params.no_sslv3)
 			op |= SSL_OP_NO_SSLv3;
 
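Review bot: SSLv3 is still switched off only when `turn_params.no_sslv3` is set, on the lines right after the new unconditional `op |= SSL_OP_NO_SSLv2;`. Judging by these lines, the oldest protocol the contexts accept by default after this commit is therefore SSLv3 rather than a TLS version, unless the operator passes `--no-sslv3`. If keeping SSLv3 opt-out is deliberate for compatibility, a comment next to the `no_sslv3` check should say so; otherwise it is a candidate for the same unconditional treatment in a follow-up. The new line itself would benefit from `/* SSLv2 is never negotiated, regardless of configuration */` above it, so a reader does not look for the option that used to gate it. `set_ctx` begins before and continues after this hunk, so how `op` is finally applied is not visible here.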

+ 0 - 1
src/apps/relay/mainrelay.h

@@ -199,7 +199,6 @@ typedef struct _turn_params_ {
   char tls_password[513];
   char dh_file[1025];
   
-  int no_sslv2;
   int no_sslv3;
   int no_tlsv1;
   int no_tlsv1_1;

+ 0 - 4
src/apps/relay/ns_ioalib_engine_impl.c

@@ -2268,10 +2268,6 @@ static TURN_TLS_TYPE check_tentative_tls(ioa_socket_raw fd)
 				ret = (TURN_TLS_TYPE)(s[10]+1);
 		} else if((s[2]==1)&&(s[3]==3)) {
 			ret = TURN_TLS_SSL23; /* compatibility mode */
-#ifndef OPENSSL_NO_SSL2
-		} else if((s[2]==1)&&(s[3]==0)&&(s[4]==2)) {
-			ret = TURN_TLS_SSL23; /* old mode */
-#endif
 		}
 	}
 

+ 0 - 6
src/apps/relay/turn_admin_server.c

@@ -723,12 +723,6 @@ static void cli_print_configuration(struct cli_session* cs)
 		cli_print_flag(cs,turn_params.no_dtls,"no-dtls",0);
 		cli_print_flag(cs,turn_params.no_tls,"no-tls",0);
 
-#ifndef OPENSSL_NO_SSL2
-		cli_print_flag(cs,(!turn_params.no_sslv2 && !turn_params.no_tls),"SSLv2",0);
-#else
-		cli_print_flag(cs,0,"SSLv2",0);
-#endif
-
 		cli_print_flag(cs,(!turn_params.no_sslv3 && !turn_params.no_tls),"SSLv3",0);
 		cli_print_flag(cs,(!turn_params.no_tlsv1 && !turn_params.no_tls),"TLSv1.0",0);
 		cli_print_flag(cs,(!turn_params.no_tlsv1_1 && !turn_params.no_tls),"TLSv1.1",0);

+ 0 - 5
src/apps/uclient/mainuclient.c

@@ -503,11 +503,6 @@ int main(int argc, char **argv)
 			csuite=cipher_suite;
 
 		if(use_tcp) {
-#ifndef OPENSSL_NO_SSL2
-		  root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(SSLv2_client_method());
-		  SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
-		  root_tls_ctx_num++;
-#endif
 		  root_tls_ctx[root_tls_ctx_num] = SSL_CTX_new(SSLv23_client_method());
 		  SSL_CTX_set_cipher_list(root_tls_ctx[root_tls_ctx_num], csuite);
 		  root_tls_ctx_num++;