changeset 10626:9a5f3e3b0197 HEAD

login: Now properly disable SSLv2 support.
author Timo Sirainen <tss@iki.fi>
date Tue, 02 Feb 2010 15:00:15 +0200
parents b0239838bdfe
children 5e50d5597474
files src/login-common/ssl-proxy-openssl.c
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
--- a/src/login-common/ssl-proxy-openssl.c	Tue Feb 02 14:16:50 2010 +0200
+++ b/src/login-common/ssl-proxy-openssl.c	Tue Feb 02 15:00:15 2010 +0200
@@ -917,7 +917,7 @@
 	X509_STORE *store;
 	STACK_OF(X509_NAME) *xnames = NULL;
 
-	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL);
+	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
 	if (*set->ssl_ca != '\0') {
 		/* set trusted CA certs */
 		store = SSL_CTX_get_cert_store(ssl_ctx);
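Review bot: The option mask on the added `SSL_CTX_set_options` line refuses only SSLv2, so as far as this hunk shows SSLv3 remains negotiable and `SSL_OP_ALL` is still applied wholesale. In OpenSSL, `SSL_OP_ALL` includes `SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS`, which turns off the empty-fragment countermeasure for CBC ciphers in SSL 3.0/TLS 1.0. If legacy clients permit, consider `SSL_CTX_set_options(ssl_ctx, (SSL_OP_ALL & ~SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`. A one-line comment above the call, such as `/* refuse SSLv2 at the protocol level */`, would also keep the flag from being dropped in a later cleanup. The enclosing function starts and ends outside the hunk, so a setting or a later option call not visible here may already narrow the protocol set.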