Sulla base delle risposte finora, ho fatto un po 'di debug usando una vecchia versione di httpd di Apache con SSLv2 abilitato e ho ottenuto i seguenti log di debug; uno con SSLv2 abilitato (ma senza cifrari) e uno con SSLv2 disabilitato:
SSLv2 non abilitato:
[info] [client 192.168.56.1] Connection to child 66 established (server 127.0.1.1:443)
[info] Seeding PRNG with 656 bytes of entropy
[debug] ssl_engine_kernel.c(1901): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1909): OpenSSL: Loop: before/accept initialization
[debug] ssl_engine_io.c(1881): OpenSSL: read 11/11 bytes from BIO#7f86fdb62540 [mem: 7f86fdb69e70] (BIO dump follows)
[debug] ssl_engine_io.c(1814): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1853): | 0000: 80 25 01 00 02 00 0c 00-00 00 10 .%......... |
[debug] ssl_engine_io.c(1859): +-------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1938): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[info] [client 192.168.56.1] SSL library error 1 in handshake (server 127.0.1.1:443)
[info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[info] [client 192.168.56.1] Connection closed to child 66 with abortive shutdown (server 127.0.1.1:443)
SSLv2 abilitato, ma nessuna offerta di codice:
[info] [client 192.168.56.1] Connection to child 6 established (server 127.0.1.1:443)
[info] Seeding PRNG with 656 bytes of entropy
[debug] ssl_engine_kernel.c(1901): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1909): OpenSSL: Loop: before/accept initialization
[debug] ssl_engine_io.c(1881): OpenSSL: read 11/11 bytes from BIO#7fefb8bd5540 [mem: 7fefb8bdce70] (BIO dump follows)
[debug] ssl_engine_io.c(1814): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1853): | 0000: 80 25 01 00 02 00 0c 00-00 00 10 .%......... |
[debug] ssl_engine_io.c(1859): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1881): OpenSSL: read 28/28 bytes from BIO#7fefb8bd5540 [mem: 7fefb8bec11b] (BIO dump follows)
[debug] ssl_engine_io.c(1814): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1853): | 0000: 05 00 80 03 00 80 01 00-80 07 00 c0 42 8e 70 80 ............B.p. |
[debug] ssl_engine_io.c(1853): | 0010: 2f 51 05 45 fe d2 37 a8-57 38 04 eb /Q.E..7.W8.. |
[debug] ssl_engine_io.c(1859): +-------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1909): OpenSSL: Loop: SSLv2 read client hello A
[debug] ssl_engine_kernel.c(1909): OpenSSL: Loop: SSLv2 write server hello A
[debug] ssl_engine_io.c(1881): OpenSSL: read 2/2 bytes from BIO#7fefb8bd5540 [mem: 7fefb8bec110] (BIO dump follows)
[debug] ssl_engine_io.c(1814): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1853): | 0000: 80 03 .. |
[debug] ssl_engine_io.c(1859): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1881): OpenSSL: read 3/3 bytes from BIO#7fefb8bd5540 [mem: 7fefb8bec112] (BIO dump follows)
[debug] ssl_engine_io.c(1814): +-------------------------------------------------------------------------+
[debug] ssl_engine_io.c(1853): | 0000: 00 00 01 ... |
[debug] ssl_engine_io.c(1859): +-------------------------------------------------------------------------+
[debug] ssl_engine_kernel.c(1933): OpenSSL: Exit: failed in SSLv2 read client master key A
[info] [client 192.168.56.1] SSL library error 1 in handshake (server 127.0.1.1:443)
[info] SSL Library Error: 335982795 error:1406B0CB:SSL routines:GET_CLIENT_MASTER_KEY:peer error no cipher
[info] [client 192.168.56.1] Connection closed to child 6 with abortive shutdown (server 127.0.1.1:443)
L'handshake non funziona in entrambi i casi, per diversi motivi. Un errore di handshake è quindi equivalente al protocollo non supportato (come da risposta accettata).