Hi. Could you please consider to remove SSLv3 (and if not done yet SSLv2 as well) from being automatically used, while still leaving users the choice to manually enable it (e.g. via --secure-protocol=SSLv2/3).
I think it would be a bad idea to expect that these insecure versions are dropped from the SSL backend libs, since they may be retained for debugging purposes or people may just use outdated cipher preference list. Also, it wget seems to have this --secure-protocol=PFS, which seems a bit strange to me, since PFS is not a property of TLS/SSL itself but rather the algorithms used. Especially, when specifying --secure-protocol=PFS one shouldn't end up with SSLv2/3 accidentally :) Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature
