--- asterisk-11.13.0/res/res_jabber.c.orig	2014-10-16 10:05:57.000000000 -0500
+++ asterisk-11.13.0/res/res_jabber.c	2014-10-16 10:04:51.000000000 -0500
@@ -1282,14 +1282,17 @@
 static int aji_tls_handshake(struct aji_client *client)
 {
 	int sock;
+	long ssl_opts;
 
 	ast_debug(1, "Starting TLS handshake\n");
 
 	/* Choose an SSL/TLS protocol version, create SSL_CTX */
-	client->ssl_method = SSLv3_method();
+	client->ssl_method = SSLv23_method();
 	if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) {
 		return IKS_NET_TLSFAIL;
 	}
+	ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+	SSL_CTX_set_options(client->ssl_context, ssl_opts);
 
 	/* Create new SSL session */
 	if (!(client->ssl_session = SSL_new(client->ssl_context))) {
--- asterisk-11.13.0/res/res_xmpp.c.orig	2014-10-16 10:13:57.000000000 -0500
+++ asterisk-11.13.0/res/res_xmpp.c	2014-10-16 10:16:49.000000000 -0500
@@ -2501,6 +2501,7 @@
 {
 #ifdef HAVE_OPENSSL
 	int sock;
+	long ssl_opts;
 #endif
 
 	if (!strcmp(iks_name(node), "success")) {
@@ -2519,10 +2520,12 @@
 	ast_log(LOG_ERROR, "Somehow we managed to try to start TLS negotiation on client '%s' without OpenSSL support, disconnecting\n", client->name);
 	return -1;
 #else
-	client->ssl_method = SSLv3_method();
+	client->ssl_method = SSLv23_method();
 	if (!(client->ssl_context = SSL_CTX_new((SSL_METHOD *) client->ssl_method))) {
 		goto failure;
 	}
+	ssl_opts = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3;
+	SSL_CTX_set_options(client->ssl_context, ssl_opts);
 
 	if (!(client->ssl_session = SSL_new(client->ssl_context))) {
 		goto failure;