The test program openssl s_server
has several option to choose the SSL/TLS version, i.e. -ssl2
, -ssl3
, -tls1
, -tls1_1
, .... Starting with OpenSSL 1.1.0 the usage openssl s_server -help
shows all actually supported options, i.e. -ssl3
is only shown if SSLv3 is actually supported.
With earlier versions of OpenSSL the usage might show version which were not actually supported but an attempt to actually use these resulted in an error.
Q: Is SSLv3 supported by default in OpenSSL1.1.0g? How can I know this?
Since you compile it from source you can just look at the output from config
:
$ ./config
...
Configuring OpenSSL version 1.1.0g-dev (0x10100070L)
...
no-ssl3 [default] OPENSSL_NO_SSL3
Thus, it looks like SSLv3 is disabled by default.