From 963193ddedb81fd1db17136a7dbed03861527256 Mon Sep 17 00:00:00 2001
From: Jared Johnson <jjohnson@efolder.net>
Date: Wed, 7 Jan 2015 15:19:39 -0800
Subject: [PATCH] Disable SSLv3

---
 plugins/tls | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/plugins/tls b/plugins/tls
index 1b94a95..6bfe42f 100644
--- a/plugins/tls
+++ b/plugins/tls
@@ -86,6 +86,9 @@ sub init {
     local $^W;    # this bit is very noisy...
     my $ssl_ctx =
       IO::Socket::SSL::SSL_Context->new(
+                                        # Disable SSLv2 and SSLv3 to avoid POODLE attacks. This is already
+                                        # the default in sufficiently recent versions of IO::Socket::SSL
+                                        SSL_version => 'SSLv23:!SSLv3:!SSLv2',
                                         SSL_use_cert    => 1,
                                         SSL_cert_file   => $self->tls_cert,
                                         SSL_key_file    => $self->tls_key,