I asked a similar question in the past, and Mike said that the above should work for allowing multiple versions. Try this, from
https://www.stunnel.org/static/stunnel.html man page:
sslVersion = all
options = NO_SSLv2
options = NO_TLSv1
options = NO_TLSv1.1
That should only allow SSLv3 and TLSv1.2 and disallow the other three above. I did test this (i.e., enabling the ones "turned off" in the client) and it does indeed work. See what Mike said at the following URL:
Be sure that you're looking in the right place... there's "enabled by software" and then "enabled by configuration"... the config can limit the software.
NOTE: The old posts can be searched here:
-Rob