Index: aclocal/tcltls_openssl.m4
==================================================================
--- aclocal/tcltls_openssl.m4
+++ aclocal/tcltls_openssl.m4
@@ -33,33 +33,63 @@
 		AC_MSG_ERROR([Unable to compile a basic program using OpenSSL])
 	])
 	AC_LANG_POP([C])
 
 	dnl Determine if SSLv2 is supported
-	AC_CHECK_FUNC(SSLv2_method,, [
+	if test "$tcltls_ssl_ssl2" = "true"; then
+		AC_CHECK_FUNC(SSLv2_method,, [
+			tcltls_ssl_ssl2='false'
+		])
+	fi
+
+	if test "$tcltls_ssl_ssl2" = "false"; then
 		AC_DEFINE(NO_SSL2, [1], [Define this to disable SSLv2 in OpenSSL support])
-	])
+	fi
 
 	dnl Determine if SSLv3 is supported
-	AC_CHECK_FUNC(SSLv3_method,, [
+	if test "$tcltls_ssl_ssl3" = "true"; then
+		AC_CHECK_FUNC(SSLv3_method,, [
+			tcltls_ssl_ssl3='false'
+		])
+	fi
+
+	if test "$tcltls_ssl_ssl3" = "false"; then
 		AC_DEFINE(NO_SSL3, [1], [Define this to disable SSLv3 in OpenSSL support])
-	])
+	fi
 
 	dnl Determine if TLSv1.0 is supported
-	AC_CHECK_FUNC(TLSv1_method,, [
+	if test "$tcltls_ssl_tls1_0" = "true"; then
+		AC_CHECK_FUNC(TLSv1_method,, [
+			tcltls_ssl_tls1_0='false'
+		])
+	fi
+
+	if test "$tcltls_ssl_tls1_0" = "false"; then
 		AC_DEFINE(NO_TLS1, [1], [Define this to disable TLSv1.0 in OpenSSL support])
-	])
+	fi
 
 	dnl Determine if TLSv1.1 is supported
-	AC_CHECK_FUNC(TLSv1_1_method,, [
+	if test "$tcltls_ssl_tls1_1" = "true"; then
+		AC_CHECK_FUNC(TLSv1_1_method,, [
+			tcltls_ssl_tls1_1='false'
+		])
+	fi
+
+	if test "$tcltls_ssl_tls1_1" = "false"; then
 		AC_DEFINE(NO_TLS1_1, [1], [Define this to disable TLSv1.1 in OpenSSL support])
-	])
+	fi
 
 	dnl Determine if TLSv1.2 is supported
-	AC_CHECK_FUNC(TLSv1_2_method,, [
+	if test "$tcltls_ssl_tls1_2" = "true"; then
+		AC_CHECK_FUNC(TLSv1_2_method,, [
+			tcltls_ssl_tls1_2='false'
+		])
+	fi
+
+	if test "$tcltls_ssl_tls1_2" = "false"; then
 		AC_DEFINE(NO_TLS1_2, [1], [Define this to disable TLSv1.2 in OpenSSL support])
-	])
+	fi
 
 	dnl Restore compile-altering variables
 	LIBS="${SAVE_LIBS}"
 	CFLAGS="${SAVE_CFLAGS}"
 	CPPFLAGS="${SAVE_CPPFLAGS}"

Index: configure.in
==================================================================
--- configure.in
+++ configure.in
@@ -55,10 +55,51 @@
 	GEN_DH_PARAMS_ARGS='fallback'
 else
 	GEN_DH_PARAMS_ARGS=''
 fi
 AC_SUBST(GEN_DH_PARAMS_ARGS)
+
+dnl Allow the user to manually disable protocols
+dnl ## SSLv2: Disabled by default
+tcltls_ssl_ssl2='false'
+AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [
+	if test "$enableval" = "yes"; then
+		tcltls_ssl_ssl2='true'
+	fi
+])
+
+dnl ## SSLv3: Disabled by default
+tcltls_ssl_ssl3='false'
+AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [
+	if test "$enableval" = "yes"; then
+		tcltls_ssl_ssl3='true'
+	fi
+])
+
+dnl ## TLSv1.0: Enabled by default
+tcltls_ssl_tls1_0='true'
+AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [
+	if test "$enableval" = "no"; then
+		tcltls_ssl_tls1_0='false'
+	fi
+])
+
+dnl ## TLSv1.1: Enabled by default
+tcltls_ssl_tls1_1='true'
+AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [
+	if test "$enableval" = "no"; then
+		tcltls_ssl_tls1_1='false'
+	fi
+])
+
+dnl ## TLSv1.1: Enabled by default
+tcltls_ssl_tls1_2='true'
+AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [
+	if test "$enableval" = "no"; then
+		tcltls_ssl_tls1_2='false'
+	fi
+])
 
 dnl Enable support for a debugging build
 tcltls_debug='false'
 AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [
 	if test "$enableval" = "yes"; then