Michael, Thank you for your explanation of where my program is and what I should do to continue using some kind of SSL. I first need to figure out how this program uses SSL. Then I can go ahead and try to use TLSv1.2. I did try to use "SSLv23_client_method" and got the same compile error "LNK2026 module unsafe for SAFESEH image.". Thanks, Tony From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Michael Wojcik Sent: Monday, June 27, 2016 3:50 PM To: openssl-users at openssl.org Subject: Re: Getting error 'SSLv2_client_method': identifier not found SSLv2 is no longer supported, and neither are the SSLv2_*_method calls. (And yes, this causes build problems when updating to newer OpenSSL builds; and while that causes some pain, it was the Right Thing to do.) As Rich said, don't use SSLv2. Don't use SSLv3. If you can help it, don't use anything older than TLSv1.2. The simplest fix is to change "SSLv2_client_method" to "SSLv23_client_method". (Inserting a single character; can't get much simpler than that.) But since you really don't want to talk to a server that only supports SSLv3, you might as well use TLSv1_client_method instead, or even better TLSv1_2_client_method. Since we have no idea what your program does, or what it has to interoperate with, we can't offer any more-specific advice. SSLv23_client_method will use the old SSL-format ClientHello, but will (barring more-restrictive options set using SSL_CTX_set_options or similar) use later protocol versions for the actual conversation if the server supports them. All that said, by far the best approach is to learn how TLS and OpenSSL work, so you can make an informed decision. TLS is agonizingly complicated and a minefield of security holes, and TLS applications maintained by people who don't have the necessary specialized knowledge are very likely to be severely insecure. For example, they may try to use SSLv2, which has been broken for a couple of decades. (That is, it's been broken for as long as it existed, but it's been widely known to be broken since the mid-1990s.) Feistyduck.com has a free "OpenSSL cookbook" ebook which is a decent introduction. Michael Wojcik Technology Specialist, Micro Focus From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of Tony Girgenti Sent: Monday, June 27, 2016 13:09 To: openssl-users at openssl.org <mailto:openssl-users at openssl.org> Subject: Getting error 'SSLv2_client_method': identifier not found Hello, I migrated a Visual Studio 6.0 C++ program to Visual Studio 2015 C++. The program uses OpenSSL. I have downloaded and installed OpenSSL-Win32 version 1.0.2g. I'm trying to figure what I need to do to fix the error I am getting on this line: m_pSSLctx = SSL_CTX_new(SSLv2_client_method()); -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160627/0b9c4cf0/attachment-0001.html>
