diff -u -N -r wget-1.15.orig/doc/wget.texi wget-1.15/doc/wget.texi --- wget-1.15.orig/doc/wget.texi 2014-01-04 16:49:47.000000000 +0400 +++ wget-1.15/doc/wget.texi 2014-10-08 14:10:05.325529633 +0400 @@ -1595,16 +1595,17 @@ @cindex SSL protocol, choose @item address@hidden Choose the secure protocol to be used. Legal values are @samp{auto}, address@hidden, @samp{SSLv3}, @samp{TLSv1} and @samp{PFS}. If @samp{auto} -is used, the SSL library is given the liberty of choosing the appropriate -protocol automatically, which is achieved by sending an SSLv2 greeting -and announcing support for SSLv3 and TLSv1. This is the default. address@hidden, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1}, @samp{TLSv1_2} +and @samp{PFS}. If @samp{auto} is used, the SSL library is given the +liberty of choosing the appropriate protocol automatically, which is +achieved by sending an SSLv2 greeting and announcing support for SSLv3 +and TLSv1. This is the default. -Specifying @samp{SSLv2}, @samp{SSLv3}, or @samp{TLSv1} forces the use -of the corresponding protocol. This is useful when talking to old and -buggy SSL server implementations that make it hard for the underlying -SSL library to choose the correct protocol version. Fortunately, such -servers are quite rare. +Specifying @samp{SSLv2}, @samp{SSLv3}, @samp{TLSv1}, @samp{TLSv1_1} or address@hidden forces the use of the corresponding protocol. This is +useful when talking to old and buggy SSL server implementations that +make it hard for the underlying SSL library to choose the correct +protocol version. Fortunately, such servers are quite rare. Specifying @samp{PFS} enforces the use of the so-called Perfect Forward Security cipher suites. In short, PFS adds security by creating a one-time diff -u -N -r wget-1.15.orig/src/ChangeLog wget-1.15/src/ChangeLog --- wget-1.15.orig/src/ChangeLog 2014-01-07 18:59:17.000000000 +0400 +++ wget-1.15/src/ChangeLog 2014-10-08 14:05:39.857741485 +0400 
@@ -1,3 +1,8 @@ +2014-10-08 Nikolay Morozov and Sergey Lvov + * init.c (cmd_spec_secure_protocol): Add support for + TLS v1.1 and TLS v1.2 protocols + * openssl.c (ssl_init): Add support for OpenSSL engines + 2014-01-05 HÃ¥kon VÃ¥gsether (tiny change) * http.c (http_loop): Fix checking the URL length when filename is diff -u -N -r wget-1.15.orig/src/init.c wget-1.15/src/init.c --- wget-1.15.orig/src/init.c 2014-01-04 16:49:47.000000000 +0400 +++ wget-1.15/src/init.c 2014-04-11 10:21:40.680401923 +0400 @@ -1496,6 +1496,8 @@ { "sslv2", secure_protocol_sslv2 }, { "sslv3", secure_protocol_sslv3 }, { "tlsv1", secure_protocol_tlsv1 }, + { "tlsv1_1", secure_protocol_tlsv1_1 }, + { "tlsv1_2", secure_protocol_tlsv1_2 }, { "pfs", secure_protocol_pfs }, }; int ok = decode_string (val, choices, countof (choices), place); diff -u -N -r wget-1.15.orig/src/openssl.c wget-1.15/src/openssl.c --- wget-1.15.orig/src/openssl.c 2013-10-21 18:50:12.000000000 +0400 +++ wget-1.15/src/openssl.c 2014-10-08 15:05:54.793325546 +0400 @@ -40,6 +40,9 @@ #include #include #include +#if OPENSSL_VERSION_NUMBER >= 0x00907000 +#include +#endif #include "utils.h" #include "connect.h" @@ -176,6 +179,12 @@ goto error; } +#if OPENSSL_VERSION_NUMBER >= 0x00907000 + OPENSSL_load_builtin_modules(); + ENGINE_load_builtin_engines(); + CONF_modules_load_file(NULL, NULL, + CONF_MFLAGS_DEFAULT_SECTION|CONF_MFLAGS_IGNORE_MISSING_FILE); +#endif SSL_library_init (); SSL_load_error_strings (); SSLeay_add_all_algorithms (); 
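Review bot: The `tlsv1_1` and `tlsv1_2` rows added to `choices` are accepted on every build, but the only handling visible in this patch is the `#if`-guarded pair of cases in src/openssl.c. On a build where that guard is false, the option parses cleanly and the switch then falls through to `default: abort ();`. src/gnutls.c is not touched by the patch, so a GnuTLS build presumably has the same gap; that is worth confirming. An `#else` arm in the switch that reports the protocol as unsupported by the linked library and fails initialisation would turn the crash into a usable error. The table sits inside cmd_spec_secure_protocol, whose body starts and ends outside the hunk.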
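Review bot: The return value of `CONF_modules_load_file` in the ssl_init hunk at -176 is discarded, so a malformed OpenSSL configuration or an engine that fails to load is silently ignored and wget carries on without the engine the administrator configured. Test the result with `if (CONF_modules_load_file (NULL, NULL, flags) <= 0)` and log the failure, keeping `CONF_MFLAGS_IGNORE_MISSING_FILE` so that an absent file stays non-fatal. A one-line comment saying that the default OpenSSL config, and any engines it names, is now loaded at every TLS start-up would help the next reader judge the trust placed in that file. The three new calls also omit the space before `(` that the neighbouring `SSL_library_init ();` lines use. The function continues outside the hunk.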
@@ -198,6 +207,14 @@
 case secure_protocol_tlsv1:
 meth = TLSv1_client_method ();
 break;
+#if OPENSSL_VERSION_NUMBER >= 0x01001000
+ case secure_protocol_tlsv1_1:
+ meth = TLSv1_1_client_method ();
+ break;
+ case secure_protocol_tlsv1_2:
+ meth = TLSv1_2_client_method ();
+ break;
+#endif
 default:
 abort ();
 }
diff -u -N -r wget-1.15.orig/src/options.h wget-1.15/src/options.h
--- wget-1.15.orig/src/options.h 2014-01-04 16:49:47.000000000 +0400
+++ wget-1.15/src/options.h 2014-04-11 10:24:21.038684323 +0400
@@ -201,6 +201,8 @@
 secure_protocol_sslv2,
 secure_protocol_sslv3,
 secure_protocol_tlsv1,
+ secure_protocol_tlsv1_1,
+ secure_protocol_tlsv1_2,
 secure_protocol_pfs
 } secure_protocol; /* type of secure protocol to use. */
 bool check_cert; /* whether to validate the server's cert */
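Review bot: The guard `OPENSSL_VERSION_NUMBER >= 0x01001000` looks mis-encoded. OpenSSL 1.0.1, the first release that declares `TLSv1_1_client_method` and `TLSv1_2_client_method`, is `0x10001000`, and the value written here sorts below 1.0.0 (`0x10000000`). As written the two new cases are also compiled against 1.0.0 headers, where those functions do not exist, so that build would be expected to fail. The line should read `#if OPENSSL_VERSION_NUMBER >= 0x10001000`. The switch belongs to a function whose start is outside the hunk.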