On Mon, Jun 27, 2016 at 3:49 PM, Michael Wojcik <Michael.Wojcik at microfocus.com> wrote: > SSLv2 is no longer supported, and neither are the SSLv2_*_method calls. (And > yes, this causes build problems when updating to newer OpenSSL builds; and > while that causes some pain, it was the Right Thing to do.) > > As Rich said, don't use SSLv2. Don't use SSLv3. If you can help it, don't > use anything older than TLSv1.2. The library should have unconditionally set OPENSSL_NO_SSL2 when it yanked SSLv2 support. Iit was warned about use cases like this. When SSLv2 was re-added to return NULL because, it still omitted OPENSSL_NO_SSL2. There was no need to break existing client code in this case.
