On Wed, Mar 02, 2016 at 10:01:23AM +0100, Sven Neuhaus wrote:
> Bug #589706 removed support for the "-ssl2" option but did not update
> the documentation of the builtin help.
> 
> Due to the DROWN attack there is a renewed interest in the -ssl2 option
> to make sure your servers aren't vulnerable.
> 
> I'd argue the option should be enabled again to allow for testing.

There is no way I'm going to enable anything related to SSLv2. If
I add SSLv2 support again to something like s_client it would mean
that the library needs to support SSLv2 again and that people can
actually go and enable it in applications.

Also, s_client can't find issues like CVE-2015-3197.  If you want
something to test for it, there are actually several tools
available for it.


Kurt
