From 31673ff517e474cd0d8472d049dafa1a6d4ef154 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sat, 15 Aug 2015 10:33:59 +0200
Subject: [PATCH] curl.1: Document weaknesses in SSLv2 and SSLv3

Acknowledge that SSLv3 is also widely considered to be insecure.

Also, provide references for people who want to know more about why it's
insecure.
---
 docs/curl.1 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/docs/curl.1 b/docs/curl.1
index cf37d63c9..dd17f5512 100644
--- a/docs/curl.1
+++ b/docs/curl.1
@@ -171,10 +171,11 @@ a level of control).
 .IP "-2, --sslv2"
 (SSL) Forces curl to use SSL version 2 when negotiating with a remote SSL
 server. Sometimes curl is built without SSLv2 support. SSLv2 is widely
-considered insecure.
+considered insecure (see RFC 6176).
 .IP "-3, --sslv3"
 (SSL) Forces curl to use SSL version 3 when negotiating with a remote SSL
-server. Sometimes curl is built without SSLv3 support.
+server. Sometimes curl is built without SSLv3 support. SSLv3 is widely
+considered insecure (see RFC 7568).
 .IP "-4, --ipv4"
 This option tells curl to resolve names to IPv4 addresses only, and not for
 example try IPv6.