From d4e4eaeccd8b5f7c53ef43455a002c94f0258f3f Mon Sep 17 00:00:00 2001
From: Aaron Zauner <azet@azet.org>
Date: Fri, 27 Jun 2014 14:51:20 +0200
Subject: [PATCH] Disable insecure SSL protocols

SSLv2 and v3 have serious protocol flaws. They should be disabled by default. This is also what most distributions do and is recommended by the OpenSSL wiki: http://wiki.openssl.org/index.php/Compilation_and_Installation
---
 bin/ruby-build | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bin/ruby-build b/bin/ruby-build
index 233fbd34..8d674449 100755
--- a/bin/ruby-build
+++ b/bin/ruby-build
@@ -802,7 +802,7 @@ build_package_mac_openssl() {
   OPENSSL_CONFIGURE="${OPENSSL_CONFIGURE:-./config}"
 
   # Compile a shared lib with zlib dynamically linked, no kerberos.
-  package_option openssl configure --openssldir="$OPENSSLDIR" zlib-dynamic no-krb5 shared
+  package_option openssl configure --openssldir="$OPENSSLDIR" zlib-dynamic no-ssl2 no-ssl3 no-krb5 shared
 
   # Default MAKE_OPTS are -j 2 which can confuse the build. Thankfully, make
   # gives precedence to the last -j option, so we can override that.