Removes SSLv2 support in TLSProxy.
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Tue, 21 Apr 2026 11:47:21 +0000 (13:47 +0200)
committerNikola Pajkovsky <nikolap@openssl.org>
Fri, 24 Apr 2026 20:10:59 +0000 (20:10 +0000)
Reviewed-by: Matt Caswell <matt@openssl.foundation>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
MergeDate: Fri Apr 24 20:11:08 2026
(Merged from https://github.com/openssl/openssl/pull/30916)

test/recipes/70-test_sslcbcpadding.t
test/recipes/70-test_sslrecords.t
test/recipes/70-test_tls13hrr.t
util/perl/TLSProxy/Record.pm

index 29b35baf39e425046c4a5acadef2e4b2829962c7..7c614fe6a027d46a2092080488d45dda35b77ee2 100644 (file)
@@ -119,7 +119,6 @@ sub add_maximal_padding_filter
             TLSProxy::Record::RT_APPLICATION_DATA,
             TLSProxy::Record::VERS_TLS_1_2,
             length($data),
-            0,
             length($data),
             $plaintext_len,
             $data,
index 093cbf70656340808d67b355e9dad7b6b4bf6497..a09a818efeff06475891722de9b039afb311ace1 100644 (file)
@@ -310,7 +310,6 @@ sub add_empty_recs_filter
                 0,
                 0,
                 0,
-                0,
                 "",
                 ""
             );
@@ -322,7 +321,6 @@ sub add_empty_recs_filter
                 0,
                 0,
                 0,
-                0,
                 "",
                 ""
             );
@@ -343,19 +341,6 @@ sub add_frag_alert_filter
         return;
     }
 
-    # Add a zero length fragment first
-    #my $record = TLSProxy::Record->new(
-    #    0,
-    #    TLSProxy::Record::RT_ALERT,
-    #    TLSProxy::Record::VERS_TLS_1_2,
-    #    0,
-    #    0,
-    #    0,
-    #    "",
-    #    ""
-    #);
-    #push @{$proxy->record_list}, $record;
-
     # Now add the alert level (Fatal) as a separate record
     $byte = pack('C', TLSProxy::Message::AL_LEVEL_FATAL);
     my $record = TLSProxy::Record->new(
@@ -363,7 +348,6 @@ sub add_frag_alert_filter
         TLSProxy::Record::RT_ALERT,
         TLSProxy::Record::VERS_TLS_1_2,
         1,
-        0,
         1,
         1,
         $byte,
@@ -378,7 +362,6 @@ sub add_frag_alert_filter
         TLSProxy::Record::RT_ALERT,
         TLSProxy::Record::VERS_TLS_1_2,
         1,
-        0,
         1,
         1,
         $byte,
@@ -413,7 +396,6 @@ sub add_unknown_record_type
             @{$records}[-1]->epoch(),
             @{$records}[-1]->seq() +1,
             1,
-            0,
             1,
             1,
             "X",
@@ -425,7 +407,6 @@ sub add_unknown_record_type
             TLSProxy::Record::RT_UNKNOWN,
             @{$records}[-1]->version(),
             1,
-            0,
             1,
             1,
             "X",
@@ -569,7 +550,6 @@ sub not_on_record_boundary
             0,
             0,
             0,
-            0,
             "",
             ""
         );
@@ -599,7 +579,6 @@ sub not_on_record_boundary
             0,
             0,
             0,
-            0,
             "",
             ""
         );
@@ -624,7 +603,6 @@ sub not_on_record_boundary
                 0,
                 0,
                 0,
-                0,
                 "",
                 ""
             );
@@ -645,7 +623,6 @@ sub not_on_record_boundary
             0,
             0,
             0,
-            0,
             "",
             ""
         );
@@ -694,7 +671,6 @@ sub empty_app_data
         1,
         1,
         length($data),
-        0,
         length($data),
         0,
         $data,
index ff2f6dbdd18762532268f7f55623654d22004de3..c6138b6d299c174c4cdd21df170ea1c3421cfe54 100644 (file)
@@ -177,7 +177,6 @@ sub hrr_filter
             $hrr_record->content_type(),
             $hrr_record->version(),
             $hrr_record->len(),
-            $hrr_record->sslv2(),
             $hrr_record->len_real(),
             $hrr_record->decrypt_len(),
             $hrr_record->data(),
index 460991e8aa826cfdc67b6347c02123d7b30d5c53..b0560fa0e5b04bced66676f97ddd7078a22d6f86 100644 (file)
@@ -121,7 +121,6 @@ sub get_records
                 $epoch,
                 $seq,
                 $len,
-                0,
                 $len,       # len_real
                 $len,       # decrypt_len
                 $data,      # data
@@ -133,7 +132,6 @@ sub get_records
                 $content_type,
                 $version,
                 $len,
-                0,
                 $len,  # len_real
                 $len,  # decrypt_len
                 $data, # data
@@ -215,7 +213,6 @@ sub new_dtls
         $epoch,
         $seq,
         $len,
-        $sslv2,
         $len_real,
         $decrypt_len,
         $data,
@@ -227,7 +224,6 @@ sub new_dtls
         $epoch,
         $seq,
         $len,
-        $sslv2,
         $len_real,
         $decrypt_len,
         $data,
@@ -241,7 +237,6 @@ sub new
         $content_type,
         $version,
         $len,
-        $sslv2,
         $len_real,
         $decrypt_len,
         $data,
@@ -254,7 +249,6 @@ sub new
         0, #epoch
         0, #seq
         $len,
-        $sslv2,
         $len_real,
         $decrypt_len,
         $data,
@@ -271,7 +265,6 @@ sub init
         $epoch,
         $seq,
         $len,
-        $sslv2,
         $len_real,
         $decrypt_len,
         $data,
@@ -285,7 +278,6 @@ sub init
         epoch => $epoch,
         seq => $seq,
         len => $len,
-        sslv2 => $sslv2,
         len_real => $len_real,
         decrypt_len => $decrypt_len,
         data => $data,
@@ -388,27 +380,23 @@ sub reconstruct_record
     }
     $self->{sent} = 1;
 
-    if ($self->sslv2) {
-        $data = pack('n', $self->len | 0x8000);
+    if($self->{isdtls}) {
+        my $seqhi = ($self->seq >> 32) & 0xffff;
+        my $seqmi = ($self->seq >> 16) & 0xffff;
+        my $seqlo = ($self->seq >> 0) & 0xffff;
+        $data = pack('Cnnnnnn', $self->content_type, $self->version,
+                     $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
     } else {
-        if($self->{isdtls}) {
-            my $seqhi = ($self->seq >> 32) & 0xffff;
-            my $seqmi = ($self->seq >> 16) & 0xffff;
-            my $seqlo = ($self->seq >> 0) & 0xffff;
-            $data = pack('Cnnnnnn', $self->content_type, $self->version,
-                         $self->epoch, $seqhi, $seqmi, $seqlo, $self->len);
-        } else {
-            if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
-                $data = pack('Cnn', $self->outer_content_type, $self->version,
-                             $self->len);
-            }
-            else {
-                $data = pack('Cnn', $self->content_type, $self->version,
-                             $self->len);
-            }
+        if (TLSProxy::Proxy->is_tls13() && $self->encrypted) {
+            $data = pack('Cnn', $self->outer_content_type, $self->version,
+                         $self->len);
+        }
+        else {
+            $data = pack('Cnn', $self->content_type, $self->version,
+                         $self->len);
         }
-
     }
+
     $data .= $self->data;
 
     return $data;
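Review bot: With the SSLv2 branch gone, the nested `if`/`else` left inside the outer `else` of reconstruct_record is a plain three-way choice and reads more directly as a flat chain, `} elsif (TLSProxy::Proxy->is_tls13() && $self->encrypted) {` followed by `} else {`. The spacing of `if($self->{isdtls})` also differs from the `if (` used a few lines below. Both header forms take the length field from `$self->len`, not from the size of `$self->data`, so a one-line comment such as `# length field is taken from len(), independent of the actual payload size` above the `pack` calls would record that. Whether that independence is deliberate, to let filters emit a mismatched length, is inferred and should be confirmed. reconstruct_record begins above the hunk.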
@@ -420,11 +408,6 @@ sub flight
     my $self = shift;
     return $self->{flight};
 }
-sub sslv2
-{
-    my $self = shift;
-    return $self->{sslv2};
-}
 sub len_real
 {
     my $self = shift;