diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 5b03121455..c73eab42cd 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.21 2002/12/23 22:19:00 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/be-secure.c,v 1.22 2003/01/08 22:56:58 momjian Exp $
  *
  *	  Since the server static private key ($DataDir/server.key)
  *	  will normally be stored unencrypted so that the database
@@ -637,7 +637,7 @@ initialize_SSL(void)
 
 	/* set up empheral DH keys */
 	SSL_CTX_set_tmp_dh_callback(SSL_context, tmp_dh_cb);
-	SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE);
+	SSL_CTX_set_options(SSL_context, SSL_OP_SINGLE_DH_USE | SSL_OP_NO_SSLv2);
 
 	/* accept client certificates, but don't require them. */
 	snprintf(fnbuf, sizeof fnbuf, "%s/root.crt", DataDir);
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c
index 6f613aec06..36fe45bd9c 100644
--- a/src/interfaces/libpq/fe-secure.c
+++ b/src/interfaces/libpq/fe-secure.c
@@ -11,7 +11,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.18 2002/12/18 13:15:15 pgsql Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-secure.c,v 1.19 2003/01/08 22:56:58 momjian Exp $
  *
  * NOTES
  *	  The client *requires* a valid server certificate.  Since
@@ -714,7 +714,7 @@ initialize_SSL(PGconn *conn)
 	{
 		SSL_library_init();
 		SSL_load_error_strings();
-		SSL_context = SSL_CTX_new(SSLv23_method());
+		SSL_context = SSL_CTX_new(TLSv1_method());
 		if (!SSL_context)
 		{
 			printfPQExpBuffer(&conn->errorMessage,