tl;dr: Has anyone a problem if sslscan embeds openssl 1.0.2 in its source? sslscan [0] as packaged in Debian currently relies on external libssl as provided by the openssl package. The openssl package disables support compression, SSLv2 and SSLv3 which is good but it also means that sslscan can not detect a SSL implementation that is still providing support for one of these deprecated protocols or compression. One could say that it is not required to test for SSLv2 because if libssl does not support it then it is not possible for an application to offer it. However libssl is not the only SSL toolkit in Debian and one might need to scan a non-Debian / older machine.
[0] https://github.com/rbsec/sslscan Sebastian
