Fair enough. We are not using SSLv3, the code just made reference to the method. I will compile it out. Thanks! > On Oct 5, 2021, at 5:09 PM, Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> wrote: > > On Tue, Oct 05, 2021 at 03:49:48PM -0700, Kory Hamzeh wrote: > >> It looks like SSLv3 is not built by default in OpenSSL 3.0.0. At least >> SSLv3_method() is not define, and looking at the conditional >> compilation of that function, it makes sense. >> >> What command line option do I pass the Configure script to enable it? >> I tried enable-sslv3 and enable-SSLv3. It complained about both. I >> need to compile some old code (Python 2.7) which we will abandon soon. > > Don't enable SSLv3 in OpenSSL 3.0, that's not doing anyone a favour. > Better to instead build the code in question against OpenSSL 1.1.1, if > SSLv3 actually needs to be *used*. It is not a problem to install both > OpenSSL 1.1.1 and OpenSSL 3.0 side-by-side (shared libraries) on systems > with support for symbol versioning. > > If the only purpose of SSLv3 is to get code to compile, that will not > in fact ever run, or that can reasonably just return an error when > it runs, you can enable the method stubs, without enabling support > for the protocol: > > ./Configure enable-ssl3-method ... > > The default is to disable both "ssl3" and "ssl3-protocol" and I would > strongly encourage you to not enable both. Nobody should be actually > using SSLv3 anymore, but exporting function stubs that will error out > makes some sense if required to support toolkits that wrap the OpenSSL > API and still want to expose SSLv3 methods. > > -- > Viktor.
