On Tue, Oct 05, 2021 at 03:49:48PM -0700, Kory Hamzeh wrote: > It looks like SSLv3 is not built by default in OpenSSL 3.0.0. At least > SSLv3_method() is not define, and looking at the conditional > compilation of that function, it makes sense. > > What command line option do I pass the Configure script to enable it? > I tried enable-sslv3 and enable-SSLv3. It complained about both. I > need to compile some old code (Python 2.7) which we will abandon soon. Don't enable SSLv3 in OpenSSL 3.0, that's not doing anyone a favour. Better to instead build the code in question against OpenSSL 1.1.1, if SSLv3 actually needs to be *used*. It is not a problem to install both OpenSSL 1.1.1 and OpenSSL 3.0 side-by-side (shared libraries) on systems with support for symbol versioning. If the only purpose of SSLv3 is to get code to compile, that will not in fact ever run, or that can reasonably just return an error when it runs, you can enable the method stubs, without enabling support for the protocol: ./Configure enable-ssl3-method ... The default is to disable both "ssl3" and "ssl3-protocol" and I would strongly encourage you to not enable both. Nobody should be actually using SSLv3 anymore, but exporting function stubs that will error out makes some sense if required to support toolkits that wrap the OpenSSL API and still want to expose SSLv3 methods. -- Viktor.