SSLv2 removal

ChangeLog

@@ -463,9 +463,9 @@ Version 2.6.1.1 'Harding Grim':
 			= In REST API timestamp, we are now using
 				the expiration time (Issue 31).
 		* Configurable cipher suite in the TURN server.
-		* SSL3 support.
+		* SSLv3 support.
 		* TLS 1.1 and 1.2 support.
-		* SSL2 "encapsulation" mode support.
+		* SSLv2 "encapsulation" mode support.
 		* NULL OpenSSL cipher is allowed to be negotiated between
 			server and client.
 		* -U option (NULL cipher) added to the test client.

README.turnserver

@@ -191,8 +191,6 @@ Flags:
 
 --dh2066		Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
 
---no-sslv2		Do not allow SSLv2 protocol.
-
 --no-sslv3		Do not allow SSLv3 protocol.
 
 --no-tlsv1		Do not allow TLSv1/DTLSv1 protocol.

examples/etc/turnserver.conf

@@ -625,7 +625,6 @@
 
 # Do not allow an SSL/TLS/DTLS version of protocol
 #
-#no-sslv2
 #no-sslv3
 #no-tlsv1
 #no-tlsv1_1

man/man1/turnserver.1

@@ -282,10 +282,6 @@ Use 566 bits predefined DH TLS key. Default size of the key is 1066.
 Use 2066 bits predefined DH TLS key. Default size of the key is 1066.
 .TP
 .B
-\fB\-\-no\-sslv2\fP
-Do not allow SSLv2 protocol.
-.TP
-.B
 \fB\-\-no\-sslv3\fP
 Do not allow SSLv3 protocol.
 .TP

src/apps/relay/mainrelay.c

@@ -81,7 +81,8 @@ NULL,
 
 DH_1066, "", "", "",
 "turn_server_cert.pem","turn_server_pkey.pem", "", "",
-0,0,0,0,0,
+1,
+0,0,0,0,
 #if !TLS_SUPPORTED
 1,
 #else
@@ -518,7 +519,6 @@ static char Usage[] = "Usage: turnserver [options]\n"
 " --dh2066					Use 2066 bits predefined DH TLS key. Default size of the predefined key is 1066.\n"
 " --dh-file	<dh-file-name>			Use custom DH TLS key, stored in PEM format in the file.\n"
 "						Flags --dh566 and --dh2066 are ignored when the DH key is taken from a file.\n"
-" --no-sslv2					Do not allow SSLv2 protocol.\n"
 " --no-sslv3					Do not allow SSLv3 protocol.\n"
 " --no-tlsv1					Do not allow TLSv1/DTLSv1 protocol.\n"
 " --no-tlsv1_1					Do not allow TLSv1.1 protocol.\n"
@@ -908,7 +908,7 @@ static void set_option(int c, char *value)
 	  turn_params.oauth = get_bool_value(value);
 	  break;
   case NO_SSLV2_OPT:
-	  turn_params.no_sslv2 = get_bool_value(value);
+    //deprecated
 	  break;
   case NO_SSLV3_OPT:
 	  turn_params.no_sslv3 = get_bool_value(value);
@@ -2531,9 +2531,11 @@ static void set_ctx(SSL_CTX* ctx, const char *protocol)
 	{
 		int op = 0;
 
+#if !defined(OPENSSL_NO_SSL2)
 #if defined(SSL_OP_NO_SSLv2)
 		if(turn_params.no_sslv2)
 			op |= SSL_OP_NO_SSLv2;
+#endif
 #endif
 		if(turn_params.no_sslv3)
 			op |= SSL_OP_NO_SSLv3;

src/apps/uclient/mainuclient.c

@@ -496,7 +496,7 @@ int main(int argc, char **argv)
 		SSL_load_error_strings();
 		OpenSSL_add_ssl_algorithms();
 
-		const char *csuite = "ALL:SSLv2"; //"AES256-SHA" "DH"
+		const char *csuite = "ALL"; //"AES256-SHA" "DH"
 		if(use_null_cipher)
 			csuite = "eNULL";
 		else if(cipher_suite[0])

src/apps/uclient/uclient.h

@@ -36,6 +36,8 @@
 #include "session.h"
 
 #include <openssl/ssl.h>
+#include <openssl/dh.h>
+#include <openssl/bn.h>
 
 #ifdef __cplusplus
 extern "C" {