Description of problem: openssl stopped support ssl2 but the man pages and help still shows this options. It would be nice to remove it from there to not confuse people. Version-Release number of selected component (if applicable): openssl-1.0.2k-1.fc25 How reproducible: always Steps to Reproduce: : | openssl s_client -connect my-domain.com:636 -CAfile /etc/openldap/cacerts/ca.crt -ssl2 unknown option -ssl2 ^^^^^^^^^^^^^^^^^^^^ it says unknown option, what is expected usage: s_client args -host host - use -connect instead -port port - use -connect instead -connect host:port - who to connect to (default is localhost:4433) -verify_hostname host - check peer certificate matches "host" -verify_email email - check peer certificate matches "email" -verify_ip ipaddr - check peer certificate matches "ipaddr" -verify arg - turn on peer certificate verification -verify_return_error - return verification errors -cert arg - certificate file to use, PEM format assumed -certform arg - certificate format (PEM or DER) PEM default -key arg - Private key file to use, in cert file if not specified but cert file is. -keyform arg - key format (PEM or DER) PEM default -pass arg - private key file pass phrase source -CApath arg - PEM format directory of CA's -CAfile arg - PEM format file of CA's -trusted_first - Use trusted CA's first when building the trust chain -no_alt_chains - only ever use the first certificate chain found -reconnect - Drop and re-make the connection with the same Session-ID -pause - sleep(1) after each read(2) and write(2) system call -prexit - print session information even on connection failure -showcerts - show all certificates in the chain -debug - extra output -msg - Show protocol messages -nbio_test - more ssl protocol testing -state - print the 'ssl' states -nbio - Run with non-blocking IO -crlf - convert LF from terminal into CRLF -quiet - no s_client output -ign_eof - ignore input eof (default when -quiet) -no_ign_eof - don't ignore input eof -psk_identity arg - PSK identity -psk arg - PSK in hex (without 0x) -ssl2 - just use SSLv2 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ but then it is still here again It's probably the same for s_server and other commands as well. And for the man pages: # rpm -qd openssl | xargs zgrep -l 'ssl2' /usr/share/doc/openssl/NEWS /usr/share/man/man1/ciphers.1ssl.gz /usr/share/man/man1/s_client.1ssl.gz /usr/share/man/man1/s_server.1ssl.gz /usr/share/man/man1/s_time.1ssl.gz
This is mostly fixed in OpenSSL-1.1.0.