Hi!
I recently moved our traffic to be 100% HTTPS, and found out that you can't disable SSL3 without forcing a specific version. Basically, if your version is not TLSVersion.any, it seems like it will force that version.
SSL3 is known to be vulnerable to a MITM attack, and lots of server software have disabled it by now. Is there a way to fix this with the current interface that I missed?
A quick and easy way would be to pass SSLOPNOSSLv3 in addition to SSLOPNOSSLv2 to OpenSSL, when the selected version is TLSVersion.any.