diff --git a/src/ChangeLog b/src/ChangeLog
index 97a895e8..a9fa0bcd 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-03  Jérémie Courrèges-Anglas  <jca@wxcvbn.org> (tiny change)
+
+	* openssl.c (ssl_init): Allow pfs to be used with protocols other than
+	TLSv1.
+
 2014-12-01  Tim Ruehsen <tim.ruehsen@gmx.de>
 
 	* connect.c, iri.c, url.c, warc.c: Fix issues reported
diff --git a/src/openssl.c b/src/openssl.c
index 38c6ac4c..81da5a2b 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -203,6 +203,8 @@ ssl_init (void)
   SSLeay_add_all_algorithms ();
   SSLeay_add_ssl_algorithms ();
 
+  long ssl_options = 0;
+
   switch (opt.secure_protocol)
     {
 #ifndef OPENSSL_NO_SSL2
@@ -219,6 +221,9 @@ ssl_init (void)
 
     case secure_protocol_auto:
     case secure_protocol_pfs:
+      meth = SSLv23_client_method ();
+      ssl_options |= SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+      break;
     case secure_protocol_tlsv1:
       meth = TLSv1_client_method ();
       break;
@@ -253,6 +258,9 @@ ssl_init (void)
   if (!ssl_ctx)
     goto error;
 
+  if (ssl_options)
+    SSL_CTX_set_options (ssl_ctx, ssl_options);
+
   /* OpenSSL ciphers: https://www.openssl.org/docs/apps/ciphers.html
    * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more)
    */