diff -uprb sslscan-1.10.2.orig/sslscan.c sslscan-1.10.2/sslscan.c --- sslscan-1.10.2.orig/sslscan.c 2014-02-14 16:59:08.000000000 +0200 +++ sslscan-1.10.2/sslscan.c 2016-03-02 22:24:34.714187733 +0200 @@ -1083,8 +1083,9 @@ int testCipher(struct sslCheckOptions *o } if (options->xmlOutput != 0) fprintf(options->xmlOutput, " sslversion=\""); + if (0) {} #ifndef OPENSSL_NO_SSL2 - if (sslCipherPointer->sslMethod == SSLv2_client_method()) + else if (sslCipherPointer->sslMethod == SSLv2_client_method()) { if (options->xmlOutput != 0) fprintf(options->xmlOutput, "SSLv2\" bits=\""); @@ -1093,10 +1094,9 @@ int testCipher(struct sslCheckOptions *o else printf("SSLv2 "); } - else if (sslCipherPointer->sslMethod == SSLv3_client_method()) -#else - if (sslCipherPointer->sslMethod == SSLv3_client_method()) #endif +#ifndef OPENSSL_NO_SSL3 + else if (sslCipherPointer->sslMethod == SSLv3_client_method()) { if (options->xmlOutput != 0) fprintf(options->xmlOutput, "SSLv3\" bits=\""); @@ -1105,6 +1105,7 @@ int testCipher(struct sslCheckOptions *o else printf("SSLv3 "); } +#endif else if (sslCipherPointer->sslMethod == TLSv1_client_method()) { if (options->xmlOutput != 0) @@ -1238,8 +1239,9 @@ int defaultCipher(struct sslCheckOptions cipherStatus = SSL_connect(ssl); if (cipherStatus == 0 || cipherStatus == 1) { + if (0) {} #ifndef OPENSSL_NO_SSL2 - if (sslMethod == SSLv2_client_method()) + else if (sslMethod == SSLv2_client_method()) { if (options->xmlOutput != 0) fprintf(options->xmlOutput, " xmlOutput != 0) fprintf(options->xmlOutput, " xmlOutput != 0) @@ -1937,8 +1939,10 @@ int testHost(struct sslCheckOptions *opt if (status != false) status = defaultCipher(options, SSLv2_client_method()); #endif +#ifndef OPENSSL_NO_SSL3 if (status != false) status = defaultCipher(options, SSLv3_client_method()); +#endif if (status != false) status = defaultCipher(options, TLSv1_client_method()); @@ -1957,7 +1961,9 @@ int testHost(struct sslCheckOptions *opt #endif break; case ssl_v3: +#ifndef OPENSSL_NO_SSL3 status = defaultCipher(options, SSLv3_client_method()); +#endif break; case tls_v1: status = defaultCipher(options, TLSv1_client_method()); @@ -2142,9 +2148,11 @@ int main(int argc, char *argv[]) options.sslVersion = ssl_v2; #endif // #ifndef OPENSSL_NO_SSL2 +#ifndef OPENSSL_NO_SSL3 // SSL v3 only... else if (strcmp("--ssl3", argv[argLoop]) == 0) options.sslVersion = ssl_v3; +#endif // #ifndef OPENSSL_NO_SSL3 // TLS v1 only... else if (strcmp("--tls1", argv[argLoop]) == 0) @@ -2249,7 +2257,9 @@ int main(int argc, char *argv[]) #ifndef OPENSSL_NO_SSL2 printf(" %s--ssl2%s Only check SSLv2 ciphers.\n", COL_GREEN, RESET); #endif // #ifndef OPENSSL_NO_SSL2 +#ifndef OPENSSL_NO_SSL3 printf(" %s--ssl3%s Only check SSLv3 ciphers.\n", COL_GREEN, RESET); +#endif // #ifndef OPENSSL_NO_SSL3 printf(" %s--tls1%s Only check TLSv1 ciphers.\n", COL_GREEN, RESET); #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL printf(" %s--tls11%s Only check TLSv11 ciphers.\n", COL_GREEN, RESET); @@ -2299,7 +2309,10 @@ int main(int argc, char *argv[]) populateCipherList(&options, SSLv2_client_method()); #endif +#ifndef OPENSSL_NO_SSL3 populateCipherList(&options, SSLv3_client_method()); +#endif + populateCipherList(&options, TLSv1_client_method()); #if OPENSSL_VERSION_NUMBER >= 0x1000008fL || OPENSSL_VERSION_NUMBER >= 0x1000100fL @@ -2313,9 +2326,11 @@ int main(int argc, char *argv[]) populateCipherList(&options, SSLv2_client_method()); break; #endif +#ifndef OPENSSL_NO_SSL3 case ssl_v3: populateCipherList(&options, SSLv3_client_method()); break; +#endif case tls_v1: populateCipherList(&options, TLSv1_client_method()); break;