Commit 7fb28b9cd0 for openssl.org
commit 7fb28b9cd05ba89cbbe038dfa85804fe22bc146a
Author: Frederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Date: Tue Apr 21 13:47:21 2026 +0200
Removes SSLv2 support in TLSProxy.
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Apr 24 20:11:08 2026
(Merged from https://github.com/openssl/openssl/pull/30916)
diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t
index 29b35baf39..7c614fe6a0 100644
--- a/test/recipes/70-test_sslcbcpadding.t
+++ b/test/recipes/70-test_sslcbcpadding.t
@@ -119,7 +119,6 @@ sub add_maximal_padding_filter
TLSProxy::Record::RT_APPLICATION_DATA,
TLSProxy::Record::VERS_TLS_1_2,
length($data),
- 0,
length($data),
$plaintext_len,
$data,
diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t
index 093cbf7065..a09a818efe 100644
--- a/test/recipes/70-test_sslrecords.t
+++ b/test/recipes/70-test_sslrecords.t
@@ -310,7 +310,6 @@ sub add_empty_recs_filter
0,
0,
0,
- 0,
"",
""
);
@@ -322,7 +321,6 @@ sub add_empty_recs_filter
0,
0,
0,
- 0,
"",
""
);
@@ -343,19 +341,6 @@ sub add_frag_alert_filter
return;
}
- # Add a zero length fragment first
- #my $record = TLSProxy::Record->new(
- # 0,
- # TLSProxy::Record::RT_ALERT,
- # TLSProxy::Record::VERS_TLS_1_2,
- # 0,
- # 0,
- # 0,
- # "",
- # ""
- #);
- #push @{$proxy->record_list}, $record;
-
# Now add the alert level (Fatal) as a separate record
$byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
my $record = TLSProxy::Record->new(
@@ -363,7 +348,6 @@ sub add_frag_alert_filter
TLSProxy::Record::RT_ALERT,
TLSProxy::Record::VERS_TLS_1_2,
1,
- 0,
1,
1,
$byte,
@@ -378,7 +362,6 @@ sub add_frag_alert_filter
TLSProxy::Record::RT_ALERT,
TLSProxy::Record::VERS_TLS_1_2,
1,
- 0,
1,
1,
$byte,
@@ -413,7 +396,6 @@ sub add_unknown_record_type
@{$records}[-1]->epoch(),
@{$records}[-1]->seq() +1,
1,
- 0,
1,
1,
"X",
@@ -425,7 +407,6 @@ sub add_unknown_record_type
TLSProxy::Record::RT_UNKNOWN,
@{$records}[-1]->version(),
1,
- 0,
1,
1,
"X",
@@ -569,7 +550,6 @@ sub not_on_record_boundary
0,
0,
0,
- 0,
"",
""
);
@@ -599,7 +579,6 @@ sub not_on_record_boundary
0,
0,
0,
- 0,
"",
""
);
@@ -624,7 +603,6 @@ sub not_on_record_boundary
0,
0,
0,
- 0,
"",
""
);
@@ -645,7 +623,6 @@ sub not_on_record_boundary
0,
0,
0,
- 0,
"",
""
);
@@ -694,7 +671,6 @@ sub empty_app_data
1,
1,
length($data),
- 0,
length($data),
0,
$data,
diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t
index ff2f6dbdd1..c6138b6d29 100644
--- a/test/recipes/70-test_tls13hrr.t
+++ b/test/recipes/70-test_tls13hrr.t
@@ -177,7 +177,6 @@ sub hrr_filter
$hrr_record->content_type(),
$hrr_record->version(),
$hrr_record->len(),
- $hrr_record->sslv2(),
$hrr_record->len_real(),
$hrr_record->decrypt_len(),
$hrr_record->data(),
diff --git a/util/perl/TLSProxy/Record.pm b/util/perl/TLSProxy/Record.pm
index 460991e8aa..b0560fa0e5 100644
--- a/util/perl/TLSProxy/Record.pm
+++ b/util/perl/TLSProxy/Record.pm
@@ -121,7 +121,6 @@ sub get_records
$epoch,
$seq,
$len,
- 0,
$len, # len_real
$len, # decrypt_len
$data, # data
@@ -133,7 +132,6 @@ sub get_records
$content_type,
$version,
$len,
- 0,
$len, # len_real
$len, # decrypt_len
$data, # data
@@ -215,7 +213,6 @@ sub new_dtls
$epoch,
$seq,
$len,
- $sslv2,
$len_real,
$decrypt_len,
$data,
@@ -227,7 +224,6 @@ sub new_dtls
$epoch,
$seq,
$len,
- $sslv2,
$len_real,
$decrypt_len,
$data,
@@ -241,7 +237,6 @@ sub new
$content_type,
$version,
$len,
- $sslv2,
$len_real,
$decrypt_len,
$data,
@@ -254,7 +249,6 @@ sub new
0, #epoch
0, #seq
$len,
- $sslv2,
$len_real,
$decrypt_len,
$data,
@@ -271,7 +265,6 @@ sub init
$epoch,
$seq,
$len,
- $sslv2,
$len_real,
$decrypt_len,
$data,
@@ -285,7 +278,6 @@ sub init
epoch => $epoch,
seq => $seq,
len => $len,
- sslv2 => $sslv2,
len_real => $len_real,
decrypt_len => $decrypt_len,
data => $data,
@@ -388,27 +380,23 @@ sub reconstruct_record
}
$self->{sent} = 1;
- if ($self->sslv2) {
- $data = pack('n', $self->len | 0x8000);
+ if($self->{isdtls}) {
+ my $seqhi = ($self->seq >> 32) & 0xffff;
+ my $seqmi = ($self->seq >> 16) & 0xffff;
+ my $seqlo = ($self->seq >> 0) & 0xffff;
+ $data = pack('Cnnnnnn', $self->content_type, $self->version,
+ $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
} else {
- if($self->{isdtls}) {
- my $seqhi = ($self->seq >> 32) & 0xffff;
- my $seqmi = ($self->seq >> 16) & 0xffff;
- my $seqlo = ($self->seq >> 0) & 0xffff;
- $data = pack('Cnnnnnn', $self->content_type, $self->version,
- $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
- } else {
- if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
- $data = pack('Cnn', $self->outer_content_type, $self->version,
- $self->len);
- }
- else {
- $data = pack('Cnn', $self->content_type, $self->version,
- $self->len);
- }
+ if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
+ $data = pack('Cnn', $self->outer_content_type, $self->version,
+ $self->len);
+ }
+ else {
+ $data = pack('Cnn', $self->content_type, $self->version,
+ $self->len);
}
-
}
+
$data .= $self->data;
return $data;
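Review bot: With the SSLv2 branch removed, the remaining `} else { if (TLSProxy::Proxy->is_tls13() && $self->encrypted) { … } else { … } }` in reconstruct_record is one nesting level deeper than it needs to be, and it mixes a cuddled `} else {` with an uncuddled `else`. Writing the second arm as `} elsif (TLSProxy::Proxy->is_tls13() && $self->encrypted) {` would flatten it into a single three-way chain. A one-line comment above the chain would help readers of the test proxy, for example `# Header: DTLS = type, version, epoch, 48-bit seq, len; TLS = type, version, len`. The length is packed with `n`, so a `len` that does not fit in 16 bits would not round-trip; if that is relied on for malformed-record tests, the comment should say so. The function begins before this hunk and continues after it.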
@@ -420,11 +408,6 @@ sub flight
my $self = shift;
return $self->{flight};
}
-sub sslv2
-{
- my $self = shift;
- return $self->{sslv2};
-}
sub len_real
{
my $self = shift;