Remove non-functional SSL 2 version code point

As per discussion in #1694, remove SSL 2 for now. SSL 2 is not actually implemented, and the version code point is wrong anyway. SSL 2 uses a version field of 0x0002, not 0x0200. This is confirmed not only in the original Netscape spec [1] and RFC draft of the time [2], but also in major implementations such as OpenSSL [3] and Wireshark [4]. More importantly, SSL 2 has a different record format, without version field, that is used for both SSL 2 proper, and SSL 2 compatible SSL 3 / TLS. For Packet++ to see a SSL 2 version field on the wire, it would first have to support the SSL 2 record format, and at least one of SSL 2 handshake messages, or SSL 2 compatible SSL 3 or later handshakes. [1] https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft02.html [2] https://datatracker.ietf.org/doc/html/draft-hickman-netscape-ssl-00 [3] https://github.com/openssl/openssl/blob/OpenSSL_0_9_6m/ssl/ssl2.h#L66-L71 [4] https://github.com/wireshark/wireshark/blob/release-4.4/epan/dissectors/packet-tls-utils.h#L266-L277
seladb · Feb 9, 2025 · 48c82e1 · 48c82e1
1 parent 3292f14
commit 48c82e1
Show file tree

Hide file tree

Showing 2 changed files with 0 additions and 5 deletions.
diff --git a/Packet++/header/SSLCommon.h b/Packet++/header/SSLCommon.h
@@ -100,8 +100,6 @@ namespace pcpp
 		/// SSL/TLS versions enum
 		enum SSLVersionEnum
 		{
-			/// SSL 2.0
-			SSL2 = 0x0200,
 			/// SSL 3.0
 			SSL3 = 0x0300,
 			/// TLS 1.0

diff --git a/Packet++/src/SSLCommon.cpp b/Packet++/src/SSLCommon.cpp
@@ -23,9 +23,6 @@ namespace pcpp
 				return static_cast<SSLVersion::SSLVersionEnum>(m_SSLVersionValue);
 		}
 
-		if (m_SSLVersionValue == 0x200)
-			return SSLVersion::SSL2;
-
 		return SSLVersion::Unknown;
 	}