Enable SSLv2 Methods in Net:SSLeay

CryptoNark uses IO::Socket::SSL and IO::Socket::SSL depends on Net::SSLeay. While playing around with it recently on an Ubuntu 13.04 vm I use for work, I discovered that cryptonark wasn't executing the sslv2 tests--even against my new favorite sslv2 site.

One of the changes that first became available in Net::SSLeay version 1.37 was the removal of some SSLv2 methods. They won't work—even if you have enabled SSLv2 in your version of OpenSSL. Below is my workaround for the issue and I hope that someone reading this can post an alternative because my perl knowledge is still pretty lame. Ignoring the fact that enabling SSLv2 in anything but a test machine used to run vulnerability scans is not the best idea, the main issue with this workaround is that you must compile Net::SSLeay yourself. This is not at all difficult but it does prevent you from updating via cpan if you continue to require this functionality from your perl scripts.

So, with the usual caveats that you are doing this at your own risk, you shouldn't do this on a general purpose machine, and that I post this assuming you will not be using it for nefarious purposes, to enable SSLv2 on Net::SSLeay versions greater than 1.36 running on OpenSSL installations greater than or equal to 1.0.0:

Download the Net::SSLeay source archive to your local machine and extract it. Change into the Net-SSLeay- directory and open the file named SSLeay.xs. Search for the lines containing the string: #ifndef OPENSSL_NO_SSL2 There will be two blocks of code that will be modified. One block looks like this:

#ifndef OPENSSL_NO_SSL2
#if OPENSSL_VERSION_NUMBER < 0x10000000L

SSL_CTX *
SSL_CTX_v2_new()
     CODE:
     RETVAL = SSL_CTX_new (SSLv2_method());
     OUTPUT:    
     RETVAL

#endif
#endif

Remove the #ifndef and #if lines and remove the trailing #endif lines. Remove the same from the second block:

#ifndef OPENSSL_NO_SSL2 
#if OPENSSL_VERSION_NUMBER < 0x10000000L
  
SSL_METHOD *
SSLv2_method()
 
#endif
#endif

Save your changes, then run the usual commands "perl Makefile.pl", "make", "make test", and "make install" and you'll now have a Net::SSLeay installation that supports SSLv2. Keep in mind that whenever you want to upgrade your Net::SSLeay installation, you will need to repeat this.

Search This Site


Blogging Techstacks

Pre-Order the All New Kindle Fire HDX 7"!!
Creative Commons Attribution-ShareAlike 3.0 Unported