still trying to get around this sslv2 thing

David Maloney · David Maloney · commit dc7c02e9e893 · 2013-03-04T18:18:01.000-06:00
diff --git a/lib/rex/sslscan/scanner.rb b/lib/rex/sslscan/scanner.rb
@@ -183,8 +183,12 @@ def validate_params(ssl_version, cipher)
 		unless @supported_versions.include? ssl_version
 			raise StandardError, "SSL Version must be one of: #{@supported_versions.to_s}"
 		end
-		unless OpenSSL::SSL::SSLContext.new(ssl_version).ciphers.flatten.include? cipher
-			raise StandardError, "Must be a valid SSL Cipher for #{version}!"
+		begin
+			unless OpenSSL::SSL::SSLContext.new(ssl_version).ciphers.flatten.include? cipher
+				raise StandardError, "Must be a valid SSL Cipher for #{version}!"
+			end
+		rescue
+			raise StandardError, "Your OS hates freedom! Your OpenSSL libs are compiled without SSLv2 support!"
 		end
 	end
 
diff --git a/spec/lib/rex/sslscan/scanner_spec.rb b/spec/lib/rex/sslscan/scanner_spec.rb
@@ -55,7 +55,7 @@
 
 		context ":rejected should be returned if" do
 			it "scans a server that doesn't support the supplied SSL version" do
-				subject.test_cipher(:SSLv2, "DES-CBC3-MD5").should == :rejected
+				subject.test_cipher(:SSLv3, "DES-CBC-SHA").should == :rejected
 			end
 
 			it "scans a server that doesn't support the cipher" do
@@ -72,7 +72,7 @@
 
 	context "when retrieving the cert" do
 		it "should return nil if it can't connect" do
-			subject.get_cert(:SSLv2, "DES-CBC3-MD5").should == nil
+			subject.get_cert(:SSLv3, "DES-CBC-SHA").should == nil
 		end
 
 		it "should return an X509 cert if it can connect" do
