diff --git a/src/openssl.c b/src/openssl.c
index 0404d2d0..62d8b084 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -269,11 +269,36 @@ ssl_init (void)
 * Since we want a good protection, we also use HIGH (that excludes MD4 ciphers and some more) */
 if (opt.secure_protocol == secure_protocol_pfs)
- SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:MEDIUM:!RC4:!SRP:!PSK:!RSA:address@hidden");
+ SSL_CTX_set_cipher_list (ssl_ctx, "HIGH:!aNULL:!kRSA:!RC4:!MD5:!SRP:!PSK");
 SSL_CTX_set_default_verify_paths (ssl_ctx);
 SSL_CTX_load_verify_locations (ssl_ctx, opt.ca_cert, opt.ca_directory);
+ if (opt.ca_cert)
+ {
+ /* Set X509_V_FLAG_PARTIAL_CHAIN to allow the client to anchor trust in
+ * a non-self-signed certificate. This defies RFC 4158 (Path Building)
+ * which defines a trust anchor in terms of a self-signed certificate.
+ * However, it substantially reduces attack surface by prunning the tree
+ * of unneeded trust points. For example, the cross-certified
+ * Let's Encrypt X3 CA, which protects gnu.org, appears as an
+ * intermediate CA to clients, can be used as a trust anchor without
+ * the entire IdentTrust PKI.
+ */
+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
+ if (!param)
+ {
+ /* TODO: How does Wget handle a malloc failure? */
+ }
+ else
+ {
+ /* Return value is the old options */
+ (void)X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
+ SSL_CTX_set1_param(ssl_ctx, param);
+ X509_VERIFY_PARAM_free(param);
+ }
+ }
+
 if (opt.crl_file)
 {
 X509_STORE *store = SSL_CTX_get_cert_store (ssl_ctx);
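Review bot: The comment `/* Return value is the old options */` above the `X509_VERIFY_PARAM_set_flags` call is wrong — that function returns 1 on success and 0 on failure, not the previous flags — and the following `SSL_CTX_set1_param` also returns 0/1 and is left unchecked, while the `if (!param)` branch silently continues with full-chain verification and leaves the TODO unresolved. The allocation, the copy and both failure paths can be dropped by editing the context's own parameters in place: `X509_VERIFY_PARAM_set_flags (SSL_CTX_get0_param (ssl_ctx), X509_V_FLAG_PARTIAL_CHAIN);` — SSL_CTX_get0_param() appeared in OpenSSL 1.0.2, the same release as X509_V_FLAG_PARTIAL_CHAIN, so it adds no new version requirement. Whichever form is kept, if builds against pre-1.0.2 OpenSSL are still supported the block needs an `#ifdef X509_V_FLAG_PARTIAL_CHAIN` guard, since the macro is undefined there and the build would break. Minor: "prunning" in the new comment should read "pruning". ssl_init continues outside the hunk on both sides.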