feat: expose configuration for SSLv3 (alexcrichton#265)

jmayclin · web-flow · commit 4bb90981a342 · 2025-05-09T17:47:28.000-05:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -37,6 +37,8 @@ legacy = []
 # Enables compilation of some older algorithms: md2 (hash), rc5 (block cypher) and enabled use of
 # some weaker algorithms in SSL connections. These are generally not recommended for use.
 weak-crypto = []
+# Enables compilation of SSLv3, which is disabled by default.
+ssl3 = []
 # Enables compilation of the Camellia symmetric key block cypher. Since hardware acceleration for
 # it is not available on most systems, this is not as used as AES.
 camellia = []
diff --git a/src/lib.rs b/src/lib.rs
@@ -198,8 +198,6 @@ impl Build {
             // No shared objects, we just want static libraries
             .arg("no-shared")
             .arg("no-module")
-            // Should be off by default on OpenSSL 1.1.0, but let's be extra sure
-            .arg("no-ssl3")
             // No need to build tests, we won't run them anyway
             .arg("no-tests")
             // Nothing related to zlib please
@@ -222,6 +220,13 @@ impl Build {
             configure.arg("no-legacy");
         }
 
+        if cfg!(feature = "ssl3") {
+            configure.arg("enable-ssl3").arg("enable-ssl3-method");
+        } else {
+            // Should be off by default on OpenSSL 1.1.0, but let's be extra sure
+            configure.arg("no-ssl3");
+        }
+
         if cfg!(feature = "weak-crypto") {
             configure
                 .arg("enable-md2")
