Disable SSLv2 and SSLv3 in elinks to "mitigate POODLE vulnerability".
This change will be passed upstream.
--- links-1.03/https.c.orig 2014-12-17 15:47:04.315785336 -0800
+++ links-1.03/https.c 2015-01-06 13:08:06.766439550 -0800
@@ -41,6 +41,7 @@
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_ALL);
+ SSL_CTX_set_options(context, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
SSL_CTX_set_default_verify_paths(context);
/* needed for systems without /dev/random, but obviously kills security. */
/*{