Disable SSLv2 and SSLv3 in links to "mitigate POODLE vulnerability".
This change will be passed upstream.
--- https.c.orig 2016-03-02 16:24:33.763060204 -0800
+++ https.c 2016-03-02 16:25:14.036046032 -0800
@@ -100,7 +100,7 @@
if (!m) return NULL;
context = SSL_CTX_new((void *)m);
if (!context) return NULL;
- SSL_CTX_set_options(context, SSL_OP_ALL);
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
if (ssl_set_private_paths())
SSL_CTX_set_default_verify_paths(context);
SSL_CTX_set_default_passwd_cb(context, ssl_password_callback);