diff -Nur qpsmtpd-0.84/plugins/tls qpsmtpd-0.84_bz9162/plugins/tls
--- qpsmtpd-0.84/plugins/tls 2016-01-07 18:52:04.588735630 +0100
+++ qpsmtpd-0.84_bz9162/plugins/tls 2016-01-07 18:56:14.294727154 +0100
@@ -57,6 +57,14 @@
 and put a suitable string in config/tls_ciphers (e.g. "DEFAULT" or "HIGH:MEDIUM")
+=head1 SSL/TLS protocols versions
+
+By default, SSLv2 and SSLv3 are not accepted, leaving only TLSv1,
+TLSv1.1 or TLSv1.2 enabled. You can customize this in config/tls_protocols
+For example, this will also disabled TLSv1, leaving only TLSv1.1 and TLSv1.2
+
+SSLv23:!SSLv2:!SSLv3:!TLSv1
+
 =cut
 use IO::Socket::SSL 0.98; # qw(debug1 debug2 debug3 debug4);
@@ -74,6 +82,7 @@
 $self->tls_key($key);
 $self->tls_ca($ca);
 $self->tls_ciphers($self->qp->config('tls_ciphers') || 'HIGH');
+ $self->tls_protocols($self->qp->config('tls_protocols') || 'SSLv23:!SSLv2:!SSLv3');
 Qpsmtpd->varlog(LOGINFO, "init", "tls", "ciphers: ".$self->tls_ciphers);
@@ -84,7 +93,7 @@
 SSL_key_file => $self->tls_key,
 SSL_ca_file => $self->tls_ca,
 SSL_cipher_list => $self->tls_ciphers,
- SSL_version => 'SSLv23:!SSLv2:!SSLv3:!TLSv1',
+ SSL_version => $self->tls_protocols,
 SSL_server => 1
 ) or die "Could not create SSL context: $!";
 # now extract the password...
@@ -203,7 +212,7 @@
 SSL_key_file => $self->tls_key,
 SSL_ca_file => $self->tls_ca,
 SSL_cipher_list => $self->tls_ciphers,
- SSL_version => 'SSLv23:!SSLv2:!SSLv3:!TLSv1',
+ SSL_version => $self->tls_protocols,
 SSL_server => 1,
 SSL_reuse_ctx => $self->ssl_context,
 ) or die "Could not create SSL socket: $!";
@@ -260,6 +269,12 @@
 $self->{_tls_ciphers};
 }
+sub tls_protocols {
+ my $self = shift;
+ @_ and $self->{_tls_protocols} = shift;
+ $self->{_tls_protocols};
+}
+
 sub ssl_context {
 my $self = shift;
 @_ and $self->{_ssl_ctx} = shift;
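Review bot: The new POD section does not tell the administrator that the built-in default it describes (`SSLv23:!SSLv2:!SSLv3`, set in the init hunk below) re-enables TLSv1, which the hard-coded value removed from the SSL context and socket hunks (`SSLv23:!SSLv2:!SSLv3:!TLSv1`) had excluded; a reader of this section cannot tell that upgrading without a config/tls_protocols file relaxes the protocol policy. I would add a sentence such as `Earlier releases hard-coded TLSv1 off; to keep that policy, put SSLv23:!SSLv2:!SSLv3:!TLSv1 in config/tls_protocols.` after the first paragraph. The same paragraph has two wording slips: the heading `=head1 SSL/TLS protocols versions` should read `=head1 SSL/TLS protocol versions`, and `this will also disabled TLSv1` should read `this will also disable TLSv1` (a full stop is also missing after `config/tls_protocols`). Mentioning that the string is handed verbatim to IO::Socket::SSL's SSL_version option, so an invalid value shows up as the startup `Could not create SSL context` failure rather than a config error, would also help whoever edits the file.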
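Review bot: The fallback on the added `$self->tls_protocols(...)` line in init, `'SSLv23:!SSLv2:!SSLv3'`, is weaker than the literal this commit removes from both SSL_version lines (`'SSLv23:!SSLv2:!SSLv3:!TLSv1'`), so every installation that has no config/tls_protocols silently gains TLSv1; if re-enabling TLSv1 by default is not the intent of the change, the fallback should stay `'SSLv23:!SSLv2:!SSLv3:!TLSv1'` and the config file should be the only way to relax it. Whichever default is chosen, the effective value should be logged next to the cipher list, since the following varlog line reports only the ciphers: `Qpsmtpd->varlog(LOGINFO, "init", "tls", "protocols: ".$self->tls_protocols);`. The config value is passed through unchecked to IO::Socket::SSL, which is acceptable here because an unusable string makes the context creation die at startup rather than fall back to something permissive, but that behaviour deserves a comment on the line. The enclosing init sub begins and ends outside the hunk.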