diff --git a/apps/s_server.c b/apps/s_server.c
index 1bac3b4..edda7db 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -314,6 +314,10 @@ static int s_quiet=0;
 static int s_ign_eof=0;
 static int s_brief=0;
 
+#ifndef OPENSSL_NO_TLS1
+static int tls_all = 0;
+#endif
+
 static char *keymatexportlabel=NULL;
 static int keymatexportlen=20;
 
@@ -572,6 +576,7 @@ static void sv_usage(void)
 	BIO_printf(bio_err," -tls1_2       - Just talk TLSv1.2\n");
 	BIO_printf(bio_err," -tls1_1       - Just talk TLSv1.1\n");
 	BIO_printf(bio_err," -tls1         - Just talk TLSv1\n");
+	BIO_printf(bio_err," -tls          - Talk TLSv1 or above\n");
 	BIO_printf(bio_err," -dtls1        - Just talk DTLSv1\n");
 	BIO_printf(bio_err," -dtls1_2      - Just talk DTLSv1.2\n");
 	BIO_printf(bio_err," -timeout      - Enable timeouts\n");
@@ -1451,6 +1456,8 @@ int MAIN(int argc, char *argv[])
 			{ meth=SSLv3_server_method(); }
 #endif
 #ifndef OPENSSL_NO_TLS1
+		else if	(strcmp(*argv,"-tls") == 0)
+			{ tls_all = 1; }
 		else if	(strcmp(*argv,"-tls1") == 0)
 			{ meth=TLSv1_server_method(); }
 		else if	(strcmp(*argv,"-tls1_1") == 0)
@@ -1800,6 +1807,7 @@ bad:
 	SSL_CTX_set_quiet_shutdown(ctx,1);
 	if (hack) SSL_CTX_set_options(ctx,SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG);
 	if (exc) ssl_ctx_set_excert(ctx, exc);
+	if (tls_all) SSL_CTX_set_options(ctx,SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 	/* DTLS: partial reads end up discarding unread UDP bytes :-( 
 	 * Setting read ahead solves this problem.
 	 */