The tool is unable to test sslv2 and v3 if it is compiled against the latest and greatest system openssl because these protocols are disabled in it by default. It would be good to have a "static" use flag so that the tool could be compiled with an old openssl statically. See the official documentation for more details.
It looks like we might need to get an unsecured fork https://github.com/PeterMosmans/openssl to the tree. Another tool (sslyze) is using it, see https://github.com/nabla-c0d3/nassl. So I took its precompiled binaries as a quick hack into my ebuild (still hacking it): https://github.com/pentoo/pentoo-overlay/tree/master/net-analyzer/sslscan
(In reply to Anton Bolshakov from comment #1)
> It looks like we might need to get an unsecured fork
> https://github.com/PeterMosmans/openssl to the tree.
>
> Another tool (sslyze) is using it, see
> https://github.com/nabla-c0d3/nassl.
>
> So I took its precompiled binaries as a quick hack into my ebuild (still
> hacking it):
> https://github.com/pentoo/pentoo-overlay/tree/master/net-analyzer/sslscan
Not sure if that is needed, the sslscan build system seems to insecurify the openssl 1.0.2 sources already. I've created a local test build for 1.11.8 which uses the openssl 1.0.2j sources. That seems to compile fine but still does not seem to include sslv2 and sslv3, even though the build system enables them.
> I've created a local test build for 1.11.8
> which uses the openssl 1.0.2j sources. That seems to compile fine but still
> does not seem to include sslv2 and sslv3, even though the build system
> enables them.
Your ebuild may be incorrect. Please make sure that include headers are in the right place. It compiles it properly from the sources by simply running "make static". That calls the opensslpull: script, which clones git and hacks some files but gets it compiled with sslv2 properly.
It looks like my testing was incorrect. I have now added sslscan 1.11.8-r1 which has a +static USE flag to build against openssl 1.0.2j with insecure features turned on.