diff -cr stunnel-3.22/options.c stunnel-3.22-new/options.c
*** stunnel-3.22/options.c	Sun Dec 23 21:08:51 2001
--- stunnel-3.22-new/options.c	Tue Feb 19 14:21:11 2002
***************
*** 84,91 ****
      options.random_bytes=RANDOM_BYTES;
      options.output_file=NULL;
      options.local_ip=NULL;
      opterr=0;
!     while ((c = getopt(argc, argv, "A:a:cp:v:d:fTl:L:r:s:g:t:u:n:N:hC:D:O:E:R:WB:VP:S:o:I:")) != EOF)
          switch (c) {
              case 'A':
                      safecopy(options.cert_file,optarg);
--- 84,92 ----
      options.random_bytes=RANDOM_BYTES;
      options.output_file=NULL;
      options.local_ip=NULL;
+     options.method=NULL;
      opterr=0;
!     while ((c = getopt(argc, argv, "A:a:cp:v:d:fTl:L:r:s:g:t:u:m:n:N:hC:D:O:E:R:WB:VP:S:o:I:")) != EOF)
          switch (c) {
              case 'A':
                      safecopy(options.cert_file,optarg);
***************
*** 230,235 ****
--- 231,239 ----
                      print_info();
                  }
                  break;
+ 	    case 'm':
+ 		options.method=optarg;
+ 		break;
              case 'V':
                  print_version();
                  exit(0);
***************
*** 344,349 ****
--- 348,354 ----
  
  #ifndef USE_WIN32
          "[-P { dir/ | filename | none } ] "
+ 	"\n\t[-m method]"
          "\n\t[-d [host:]port [-f] ] "
          "\n\t[-r [host:]port | { -l | -L }  program [-- args] ] "
  #else
***************
*** 391,396 ****
--- 396,402 ----
          "\n  -P arg\tspecify pid file { dir/ | filename | none }"
  #endif
          "\n  -C list\tset permitted SSL ciphers"
+ 	"\n  -m method\tset SSL method: ssl2, ssl3, tls1"
  #if SSLEAY_VERSION_NUMBER >= 0x0090581fL
          "\n  -E socket\tpath to Entropy Gathering Daemon socket"
  #ifdef EGD_SOCKET
diff -cr stunnel-3.22/prototypes.h stunnel-3.22-new/prototypes.h
*** stunnel-3.22/prototypes.h	Sun Nov 11 20:16:01 2001
--- stunnel-3.22-new/prototypes.h	Tue Feb 19 14:14:31 2002
***************
*** 111,116 ****
--- 111,117 ----
      int cert_defaults;
      char *output_file;
      u32 *local_ip;
+     char *method;
  } server_options;
  
  typedef enum {
diff -cr stunnel-3.22/ssl.c stunnel-3.22-new/ssl.c
*** stunnel-3.22/ssl.c	Sun Dec 23 20:46:03 2001
--- stunnel-3.22-new/ssl.c	Tue Feb 19 14:15:57 2002
***************
*** 71,85 ****
  SSL_CTX *ctx; /* global SSL context */
  
  void context_init() { /* init SSL */
  
      if(!init_prng())
          log(LOG_INFO, "PRNG seeded successfully");
      SSLeay_add_ssl_algorithms();
      SSL_load_error_strings();
      if(options.option&OPT_CLIENT) {
!         ctx=SSL_CTX_new(SSLv3_client_method());
      } else { /* Server mode */
!         ctx=SSL_CTX_new(SSLv23_server_method());
  #ifndef NO_RSA
          SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
  #endif /* NO_RSA */
--- 71,106 ----
  SSL_CTX *ctx; /* global SSL context */
  
  void context_init() { /* init SSL */
+     SSL_METHOD *meth;
  
      if(!init_prng())
          log(LOG_INFO, "PRNG seeded successfully");
      SSLeay_add_ssl_algorithms();
      SSL_load_error_strings();
      if(options.option&OPT_CLIENT) {
!         if (options.method == NULL)
! 	    meth = SSLv23_client_method();
! 	else if (strcmp(options.method, "ssl2") == 0)
! 	    meth = SSLv2_client_method();
! 	else if (strcmp(options.method, "ssl3") == 0)
! 	    meth = SSLv3_client_method();
! 	else if (strcmp(options.method, "tls1") == 0)
! 	    meth = TLSv1_client_method();
! 	else
! 	    meth = SSLv23_client_method();
!         ctx=SSL_CTX_new(meth);
      } else { /* Server mode */
!         if (options.method == NULL)
! 	    meth = SSLv23_server_method();
! 	else if (strcmp(options.method, "ssl2") == 0)
! 	    meth = SSLv2_server_method();
! 	else if (strcmp(options.method, "ssl3") == 0)
! 	    meth = SSLv3_server_method();
! 	else if (strcmp(options.method, "tls1") == 0)
! 	    meth = TLSv1_server_method();
! 	else
! 	    meth = SSLv23_server_method();
!         ctx=SSL_CTX_new(meth);
  #ifndef NO_RSA
          SSL_CTX_set_tmp_rsa_callback(ctx, tmp_rsa_cb);
  #endif /* NO_RSA */
