components/links/patches/init-openssl.patch
author Jesse Butler <jesse.butler@oracle.com>
Fri, 29 Jul 2016 11:50:34 -0700
changeset 6527 106e3067f7cc
parent 5559 a6efae0791c0
child 7747 83e42ef0155e
permissions -rw-r--r--
24376511 docker should add developer/golang to REQUIRED_PACKAGES in the Makefile

Disable SSLv2 and SSLv3 in links to "mitigate POODLE vulnerability".

This change will be passed upstream.

--- https.c.orig	2016-03-02 16:24:33.763060204 -0800
+++ https.c	2016-03-02 16:25:14.036046032 -0800
@@ -100,7 +100,7 @@
 		if (!m) return NULL;
 		context = SSL_CTX_new((void *)m);
 		if (!context) return NULL;
-		SSL_CTX_set_options(context, SSL_OP_ALL);
+		SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 		if (ssl_set_private_paths())
 			SSL_CTX_set_default_verify_paths(context);
 		SSL_CTX_set_default_passwd_cb(context, ssl_password_callback);
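Review bot: The new `SSL_CTX_set_options` call replaces `SSL_OP_ALL` instead of adding the protocol flags to it, so the interoperability workarounds the old line enabled are no longer requested, and the patch description does not mention this. If dropping them is not intended, the line should read `SSL_CTX_set_options(context, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. If it is intended, a short comment such as `/* SSL_OP_ALL dropped on purpose: <reason> */` would keep a later merge from restoring it. The return value of `SSL_CTX_set_options` is the resulting option mask, so a debug build could check that both `NO_SSL` bits are set in it. The enclosing function starts and ends outside the hunk, so any peer-verification setup cannot be judged from here.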