The code already does this for SSL2 and SSL3, but tls1_1 and tls1_2 are set to 1 unconditionally. This breaks scripts where the protocols aren't available at build-time, unless the protocols are explicitly disabled on command line (i.e. -tls1.1 false
).
The patch also explicitly names the unavailable protocols so the error message is easier to understand.