--- WWW/Library/Implementation/HTTP.c.orig 2018-08-12 12:33:30 UTC
+++ WWW/Library/Implementation/HTTP.c
@@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void)
 #else
 SSLeay_add_ssl_algorithms();
 if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) {
-#ifdef SSL_OP_NO_SSLv2
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
-#else
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
-#endif
+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 #ifdef SSL_OP_NO_COMPRESSION
 SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
 #endif
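Review bot: The option mask on the added `SSL_CTX_set_options` line only turns off SSLv2 and SSLv3, so TLS 1.0 and 1.1 remain negotiable on this context. Because the context is created with `TLS_client_method()`, this branch appears to target OpenSSL 1.1.0 or later, where `SSL_OP_NO_SSLv2` is a no-op and the documented way to set a protocol floor is `SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION);` (or `TLS1_2_VERSION` if legacy servers need not be supported), with its return value checked. The added comment would also read better as a plain statement of which protocol versions are refused and why, rather than a quoted phrase. `HTGetSSLHandle` starts before and continues after this hunk, so the preprocessor condition guarding this branch is not visible here.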