--- sslyze/connection_helpers/tls_connection.py.orig	2022-05-14 11:12:33 UTC
+++ sslyze/connection_helpers/tls_connection.py
@@ -2,8 +2,6 @@ import socket
 from pathlib import Path
 from typing import Optional, TYPE_CHECKING
 
-from nassl.legacy_ssl_client import LegacySslClient
-
 from sslyze.server_setting import (
     ServerNetworkLocation,
     ServerNetworkConfiguration,
@@ -170,7 +168,7 @@ class SslConnection:
         ):
             raise ValueError("Cannot use modern OpenSSL with SSL 2.0 or 3.0")
 
-        ssl_client_cls = LegacySslClient if final_should_use_legacy_openssl else SslClient
+        ssl_client_cls = SslClient
 
         if network_configuration.tls_client_auth_credentials:
             # A client certificate and private key were provided
--- sslyze/mozilla_tls_profile/mozilla_config_checker.py.orig	2022-05-14 10:32:13 UTC
+++ sslyze/mozilla_tls_profile/mozilla_config_checker.py
@@ -79,10 +79,6 @@ class ServerScanResultIncomplete(Exception):
 
 
 SCAN_COMMANDS_NEEDED_BY_MOZILLA_CHECKER: Set[ScanCommand] = {
-    ScanCommand.SSL_2_0_CIPHER_SUITES,
-    ScanCommand.SSL_3_0_CIPHER_SUITES,
-    ScanCommand.TLS_1_0_CIPHER_SUITES,
-    ScanCommand.TLS_1_1_CIPHER_SUITES,
     ScanCommand.TLS_1_2_CIPHER_SUITES,
     ScanCommand.TLS_1_3_CIPHER_SUITES,
     ScanCommand.HEARTBLEED,
@@ -223,10 +219,6 @@ def _check_tls_versions_and_ciphers(
     smallest_ecdh_param_size = 100000
     smallest_dh_param_size = 100000
     for field_name, tls_version_name in [
-        ("ssl_2_0_cipher_suites", "SSLv2"),
-        ("ssl_3_0_cipher_suites", "SSLv3"),
-        ("tls_1_0_cipher_suites", "TLSv1"),
-        ("tls_1_1_cipher_suites", "TLSv1.1"),
         ("tls_1_2_cipher_suites", "TLSv1.2"),
         ("tls_1_3_cipher_suites", "TLSv1.3"),
     ]:
--- sslyze/plugins/compression_plugin.py.orig	2022-05-14 09:12:21 UTC
+++ sslyze/plugins/compression_plugin.py
@@ -1,7 +1,7 @@
 from dataclasses import dataclass
 
 import pydantic
-from nassl.legacy_ssl_client import LegacySslClient
+from nassl.ssl_client import SslClient
 from nassl.ssl_client import ClientCertificateRequested
 
 from sslyze.json.scan_attempt_json import ScanCommandAttemptAsJson
@@ -89,9 +89,9 @@ def _test_compression_support(server_info: ServerConne
 
     ssl_connection = server_info.get_preconfigured_tls_connection(
         override_tls_version=tls_version_to_use,
-        should_use_legacy_openssl=True,  # Only the legacy SSL client has methods to check for compression support
+        should_use_legacy_openssl=False,
     )
-    if not isinstance(ssl_connection.ssl_client, LegacySslClient):
+    if not isinstance(ssl_connection.ssl_client, SslClient):
         raise RuntimeError("Should never happen")
 
     # Make sure OpenSSL was built with support for compression to avoid false negatives
--- sslyze/plugins/fallback_scsv_plugin.py.orig	2022-05-14 09:12:21 UTC
+++ sslyze/plugins/fallback_scsv_plugin.py
@@ -3,7 +3,6 @@ from typing import List, Optional
 
 import pydantic
 from nassl import _nassl
-from nassl.legacy_ssl_client import LegacySslClient
 
 from sslyze.json.scan_attempt_json import ScanCommandAttemptAsJson
 from sslyze.plugins.plugin_base import (
--- sslyze/plugins/openssl_cipher_suites/_test_cipher_suite.py.orig	2022-05-14 09:12:21 UTC
+++ sslyze/plugins/openssl_cipher_suites/_test_cipher_suite.py
@@ -2,7 +2,6 @@ from dataclasses import dataclass
 from typing import Optional, Union
 
 from nassl.ephemeral_key_info import EphemeralKeyInfo
-from nassl.legacy_ssl_client import LegacySslClient
 from nassl.ssl_client import ClientCertificateRequested, SslClient, BaseSslClient
 
 from sslyze.errors import (
@@ -12,7 +11,6 @@ from sslyze.errors import (
 )
 from sslyze.plugins.openssl_cipher_suites.cipher_suites import CipherSuite
 from sslyze.server_connectivity import ServerConnectivityInfo, TlsVersionEnum
-from sslyze.plugins.openssl_cipher_suites._tls12_workaround import WorkaroundForTls12ForCipherSuites
 
 
 @dataclass(frozen=True)
@@ -36,15 +34,10 @@ def connect_with_cipher_suite(
     server_connectivity_info: ServerConnectivityInfo, tls_version: TlsVersionEnum, cipher_suite: CipherSuite
 ) -> Union[CipherSuiteAcceptedByServer, CipherSuiteRejectedByServer]:
     """Initiates a SSL handshake with the server using the SSL version and the cipher suite specified."""
-    requires_legacy_openssl = True
-    if tls_version == TlsVersionEnum.TLS_1_2:
-        # For TLS 1.2, we need to pick the right version of OpenSSL depending on which cipher suite
-        requires_legacy_openssl = WorkaroundForTls12ForCipherSuites.requires_legacy_openssl(cipher_suite.openssl_name)
-    elif tls_version == TlsVersionEnum.TLS_1_3:
-        requires_legacy_openssl = False
+    requires_legacy_openssl = False
 
     ssl_connection = server_connectivity_info.get_preconfigured_tls_connection(
-        override_tls_version=tls_version, should_use_legacy_openssl=requires_legacy_openssl
+        override_tls_version=tls_version, should_use_legacy_openssl=False
     )
     _set_cipher_suite_string(tls_version, cipher_suite.openssl_name, ssl_connection.ssl_client)
 
--- sslyze/plugins/openssl_cipher_suites/cipher_suites.py.orig	2022-06-25 23:42:22 UTC
+++ sslyze/plugins/openssl_cipher_suites/cipher_suites.py
@@ -3,7 +3,6 @@ from typing import Dict, Set
 
 from dataclasses import dataclass
 
-from nassl.legacy_ssl_client import LegacySslClient
 from nassl.ssl_client import OpenSslVersionEnum, SslClient
 
 from sslyze.server_connectivity import TlsVersionEnum
@@ -571,44 +570,14 @@ _TLS_1_3_CIPHER_SUITES = [
 ]
 
 
-def _parse_all_cipher_suites_with_legacy_openssl(tls_version: TlsVersionEnum) -> Set[str]:
-    ssl_client = LegacySslClient(ssl_version=OpenSslVersionEnum(tls_version.value))
-    # Disable SRP and PSK cipher suites as they need a special setup in the client and are never used
-    ssl_client.set_cipher_list("ALL:COMPLEMENTOFALL:-PSK:-SRP")
-    return set(ssl_client.get_cipher_list())
-
-
 def _parse_all_cipher_suites() -> Dict[TlsVersionEnum, Set[CipherSuite]]:
     tls_version_to_cipher_suites: Dict[TlsVersionEnum, Set[CipherSuite]] = {}
 
-    for tls_version in [
-        TlsVersionEnum.SSL_2_0,
-        TlsVersionEnum.SSL_3_0,
-        TlsVersionEnum.TLS_1_0,
-        TlsVersionEnum.TLS_1_1,
-    ]:
-        openssl_cipher_strings = _parse_all_cipher_suites_with_legacy_openssl(tls_version)
-        tls_version_to_cipher_suites[tls_version] = set()
-        for cipher_suite_openssl_name in openssl_cipher_strings:
-            cipher_suite_rfc_name = _OPENSSL_TO_RFC_NAMES_MAPPING[tls_version][cipher_suite_openssl_name]
-            tls_version_to_cipher_suites[tls_version].add(
-                CipherSuite(
-                    name=cipher_suite_rfc_name,
-                    openssl_name=cipher_suite_openssl_name,
-                    is_anonymous=True if "anon" in cipher_suite_rfc_name else False,
-                    key_size=_RFC_NAME_TO_KEY_SIZE_MAPPING[cipher_suite_rfc_name],
-                )
-            )
-
-    # For TLS 1.2, we have to use both the legacy and modern OpenSSL to cover all cipher suites
-    cipher_suites_from_legacy_openssl = _parse_all_cipher_suites_with_legacy_openssl(TlsVersionEnum.TLS_1_2)
-
     ssl_client_modern = SslClient(ssl_version=OpenSslVersionEnum(TlsVersionEnum.TLS_1_2.value))
     ssl_client_modern.set_cipher_list("ALL:COMPLEMENTOFALL:-PSK:-SRP")
     cipher_suites_from_modern_openssl = set(ssl_client_modern.get_cipher_list())
 
-    # Combine the two sets of cipher suites
-    openssl_cipher_strings = cipher_suites_from_legacy_openssl.union(cipher_suites_from_modern_openssl)
+    openssl_cipher_strings = cipher_suites_from_modern_openssl
     tls_version_to_cipher_suites[TlsVersionEnum.TLS_1_2] = set()
     for cipher_suite_openssl_name in openssl_cipher_strings:
         # Ignore TLS 1.3 cipher suites
--- sslyze/plugins/scan_commands.py.orig	2022-03-12 09:56:30 UTC
+++ sslyze/plugins/scan_commands.py
@@ -12,12 +12,8 @@ from sslyze.plugins.heartbleed_plugin import Heartblee
 from sslyze.plugins.http_headers_plugin import HttpHeadersImplementation
 from sslyze.plugins.openssl_ccs_injection_plugin import OpenSslCcsInjectionImplementation
 from sslyze.plugins.openssl_cipher_suites.implementation import (
-    Sslv20ScanImplementation,
-    Sslv30ScanImplementation,
-    Tlsv10ScanImplementation,
     Tlsv13ScanImplementation,
     Tlsv12ScanImplementation,
-    Tlsv11ScanImplementation,
 )
 from sslyze.plugins.robot.implementation import RobotImplementation
 from sslyze.plugins.session_renegotiation_plugin import SessionRenegotiationImplementation
@@ -60,10 +56,6 @@ class ScanCommandsRepository:
 _IMPLEMENTATION_CLASSES: Dict[ScanCommand, Type["ScanCommandImplementation"]] = {
     ScanCommand.CERTIFICATE_INFO: CertificateInfoImplementation,
     ScanCommand.SESSION_RESUMPTION: SessionResumptionSupportImplementation,
-    ScanCommand.SSL_2_0_CIPHER_SUITES: Sslv20ScanImplementation,
-    ScanCommand.SSL_3_0_CIPHER_SUITES: Sslv30ScanImplementation,
-    ScanCommand.TLS_1_0_CIPHER_SUITES: Tlsv10ScanImplementation,
-    ScanCommand.TLS_1_1_CIPHER_SUITES: Tlsv11ScanImplementation,
     ScanCommand.TLS_1_2_CIPHER_SUITES: Tlsv12ScanImplementation,
     ScanCommand.TLS_1_3_CIPHER_SUITES: Tlsv13ScanImplementation,
     ScanCommand.TLS_COMPRESSION: CompressionImplementation,
--- sslyze/plugins/session_renegotiation_plugin.py.orig	2022-05-14 09:12:21 UTC
+++ sslyze/plugins/session_renegotiation_plugin.py
@@ -5,7 +5,7 @@ from typing import List, Optional, Tuple
 
 import pydantic
 from nassl._nassl import OpenSSLError
-from nassl.legacy_ssl_client import LegacySslClient
+from nassl.ssl_client import SslClient
 
 from sslyze.json.scan_attempt_json import ScanCommandAttemptAsJson
 from sslyze.errors import ServerRejectedTlsHandshake
@@ -124,9 +124,9 @@ def _test_secure_renegotiation(server_info: ServerConn
 
     ssl_connection = server_info.get_preconfigured_tls_connection(
         override_tls_version=tls_version_to_use,
-        should_use_legacy_openssl=True,  # Only the legacy SSL client has methods to check for secure reneg
+        should_use_legacy_openssl=False,
     )
-    if not isinstance(ssl_connection.ssl_client, LegacySslClient):
+    if not isinstance(ssl_connection.ssl_client, SslClient):
         raise RuntimeError("Should never happen")
 
     try:
@@ -159,9 +159,9 @@ def _test_client_renegotiation(server_info: ServerConn
 
     ssl_connection = server_info.get_preconfigured_tls_connection(
         override_tls_version=tls_version_to_use,
-        should_use_legacy_openssl=True,  # Only the legacy SSL client has methods to trigger a reneg
+        should_use_legacy_openssl=False,
     )
-    if not isinstance(ssl_connection.ssl_client, LegacySslClient):
+    if not isinstance(ssl_connection.ssl_client, SslClient):
         raise RuntimeError("Should never happen")
 
     try:
