Openssl SSL_CTX_new(SSLv3_method()) returns NULL

遇见更好的自我 2020-12-11 19:39

Linux version from cat /proc/version

Linux version 3.6.11-4.fc16.i686 (mockbuild@bkernel02) (gcc version 4.6.3 20120306 (Red Hat 4.6.3-2)

1 Answer
  • 2020-12-11 20:14

    Openssl SSL_CTX_new(SSLv3_method()) returns NULL

    Call:

    • OpenSSL_add_ssl_algorithms
    • SSL_load_error_strings

    See Library Initialization on the OpenSSL wiki. From the wiki:

    If you fail to initialize the library, then you will experience unexplained errors like SSL_CTX_new returning NULL, and alert handshake failure with no shared ciphers.


    error:140A90F1:SSL routines:SSL_CTX_new:unable to load ssl2 md5 routines

    It sounds like the library was configured with no-ssl2 and no-md5. Is this a FIPS configuration?

    The configuration defines are available in a couple of places. First, you might be able to check (sometimes the defines show up):

    $ /usr/local/ssl/macosx-x64/bin/openssl version -a
    OpenSSL 1.0.1i 6 Aug 2014
    built on: Wed Aug  6 18:45:03 EDT 2014
    platform: darwin64-x86_64-cc
    options:  bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx) 
    compiler: cc -fPIC -fno-common -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN 
      -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT 
      -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM 
      -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM
    OPENSSLDIR: "/usr/local/ssl/macosx-x64"
    

    Second, you can use opensslconf.h for runtime checks. For example, you can check for the no-ssl2 config option via OPENSSL_NO_SSL2 (these defines always show up):

    $ cat /usr/local/ssl/macosx-x64/include/openssl/opensslconf.h | grep -A 1 -i SSL2
    #ifndef OPENSSL_NO_SSL2
    # define OPENSSL_NO_SSL2
    #endif
    --
    # if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
    #  define NO_SSL2
    # endif
    

    You can use these in your code to guard on features. For example:

    #ifndef OPENSSL_NO_SSL2
      /* SSLv2 is available */
    #endif
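
Added example (not part of the original answer or of OpenSSL itself): a shell check that generalizes the `grep` on `opensslconf.h` shown above, listing every `OPENSSL_NO_*` define and reporting which of the features an application needs were compiled out. The function names and the sample header are constructed for illustration.

```shell
#!/bin/sh
# Report which features an OpenSSL build was configured without, by scanning
# opensslconf.h text supplied on stdin.
# Limitation: a plain text scan; preprocessor conditionals are not evaluated.

# Print each OPENSSL_NO_<NAME> that the header defines, one NAME per line.
# Accepts blanks after '#', as in "# define OPENSSL_NO_SSL2". Legacy aliases
# such as "#  define NO_SSL2" and "#ifndef" lines are deliberately not matched.
openssl_disabled_features() {
    sed -n 's/^[[:space:]]*#[[:space:]]*define[[:space:]][[:space:]]*OPENSSL_NO_\([A-Za-z0-9_][A-Za-z0-9_]*\).*$/\1/p' | sort -u
}

# Usage: openssl_missing_features SSL2 SSL3 MD5 < opensslconf.h
# Prints the requested features that are compiled out, space separated,
# and returns 1 if any are missing (0 if all are available).
openssl_missing_features() {
    disabled=$(openssl_disabled_features)
    missing=""
    for feat in "$@"; do
        if printf '%s\n' "$disabled" | grep -qxF "$feat"; then
            missing="${missing:+$missing }$feat"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# Constructed sample header (not from a real build): SSL2 and MD5 disabled.
sample_header() {
    cat <<'EOF'
#ifndef OPENSSL_NO_MD5
# define OPENSSL_NO_MD5
#endif
#ifndef OPENSSL_NO_SSL2
# define OPENSSL_NO_SSL2
#endif
# if defined(OPENSSL_NO_SSL2) && !defined(NO_SSL2)
#  define NO_SSL2
# endif
EOF
}

# Demo: which of the features this application needs are unavailable?
sample_header | openssl_missing_features SSL2 SSL3 MD5 ||
    echo "some required features are compiled out of this build"
```

Against a real installation, feed the header on stdin, for example `openssl_missing_features SSL2 MD5 < /usr/local/ssl/macosx-x64/include/openssl/opensslconf.h` for the path used above.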
    