Disable SSLv2 and SSLv3 in w3m to "mitigate POODLE vulnerability".
This change will be passed upstream.
--- w3m-0.5.2/url.c.orig 2015-01-29 08:37:04.156739107 -0800
+++ w3m-0.5.2/url.c 2015-01-29 08:48:24.055383389 -0800
@@ -337,6 +337,8 @@
option |= SSL_OP_NO_TLSv1;
}
SSL_CTX_set_options(ssl_ctx, option);
+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
#ifdef USE_SSL_VERIFY
/* derived from openssl-0.9.5/apps/s_{client,cb}.c */
#if 1 /* use SSL_get_verify_result() to verify cert */