@@ -55,10 +55,51 @@
 	GEN_DH_PARAMS_ARGS='fallback'
 else
 	GEN_DH_PARAMS_ARGS=''
 fi
 AC_SUBST(GEN_DH_PARAMS_ARGS)
+
+dnl Allow the user to manually disable protocols
+dnl ## SSLv2: Disabled by default
+tcltls_ssl_ssl2='false'
+AC_ARG_ENABLE([sslv2], AS_HELP_STRING([--enable-sslv2], [enable SSLv2 protocol]), [
+	if test "$enableval" = "yes"; then
+		tcltls_ssl_ssl2='true'
+	fi
+])
+
+dnl ## SSLv3: Disabled by default
+tcltls_ssl_ssl3='false'
+AC_ARG_ENABLE([sslv3], AS_HELP_STRING([--enable-sslv3], [enable SSLv3 protocol]), [
+	if test "$enableval" = "yes"; then
+		tcltls_ssl_ssl3='true'
+	fi
+])
+
+dnl ## TLSv1.0: Enabled by default
+tcltls_ssl_tls1_0='true'
+AC_ARG_ENABLE([tlsv1.0], AS_HELP_STRING([--disable-tlsv1.0], [disable TLSv1.0 protocol]), [
+	if test "$enableval" = "no"; then
+		tcltls_ssl_tls1_0='false'
+	fi
+])
+
+dnl ## TLSv1.1: Enabled by default
+tcltls_ssl_tls1_1='true'
+AC_ARG_ENABLE([tlsv1.1], AS_HELP_STRING([--disable-tlsv1.1], [disable TLSv1.1 protocol]), [
+	if test "$enableval" = "no"; then
+		tcltls_ssl_tls1_1='false'
+	fi
+])
+
+dnl ## TLSv1.1: Enabled by default
+tcltls_ssl_tls1_2='true'
+AC_ARG_ENABLE([tlsv1.2], AS_HELP_STRING([--disable-tlsv1.2], [disable TLSv1.2 protocol]), [
+	if test "$enableval" = "no"; then
+		tcltls_ssl_tls1_2='false'
+	fi
+])
 
 dnl Enable support for a debugging build
 tcltls_debug='false'
 AC_ARG_ENABLE([debug], AS_HELP_STRING([--enable-debug], [enable debugging parameters]), [
 	if test "$enableval" = "yes"; then