lshw

Lighttpd: only SSLv3 enabled, but TLSv1.2 is used

I have a Lighttpd-1.4.33 installation and have to prove the use of SSL and TLS. Therefore, I used the ssl.use-sslv3 and the ssl.cipher-suite parameters.
Please see my lighttpd.conf:

$SERVER["socket"] == ":443" {
    server.document-root = "/var/www/"
    server.protocol-http11 = "enable"
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/servercert.pem"
    ssl.ca-file = "/etc/lighttpd/cacert.pem"
    ssl.use-sslv3 = "enable"
}

When I make a request it gives me a TLSv1.2 connection.
Now, with ssl.use-sslv3 replaced by the following:

ssl.cipher-list = "NULL-MD5:NULL-SHA:EXP-RC4-MD5:RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA:EXP1024-RC4-SHA"
ssl.honor-cipher-order = "enable"

it also gives me a TLSv1.2 connection.

So, my question is:
Is it correct that TLSv1.2 "includes" all ciphers which are used in SSLv3 and therefore it's used instead of SSLv3?
Is there any chance to force Lighttpd to refuse TLSv1.2 connections but not SSLv3 if it's configured that way?

It is necessary for me to be able to force Lighttpd to use only SSLv3 or TLSv1.0.
Thanks for any help.

The cipher-list is from http://www.openssl.org/docs/apps/ciphers.html#tls_v1_0_cipher_suites_


Answers (1)

Ciphersuites normally don't define the protocol version, i.e. you can't enable or disable a protocol version by enabling or disabling ciphersuites. If the server config allows it, you need to explicitly specify the enabled versions of the SSL/TLS protocol.

Update: Looking at http://redmine.lighttpd.net/projects/1/wiki/docs_ssl it seems that the use-sslv3 parameter also enables all TLS versions.

The forum on Lighttpd.net suggests that while there's no setting [yet] to control TLS versions to use, you can enable only TLS-1.2-specific cipher suites thus kind of forcing TLS 1.2 (the same for TLS 1.1/1.2 combo, I think). I didn't look into the source code so I can't say how this works (if it works at all).

Also, here they suggest setting the ssl.use-sslv3 parameter to "disable" in order to disable SSL 3 and leave TLS enabled.

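An added check that is not part of the question or the answer: it asks the local OpenSSL (via Python's ssl module) which suites in the question's ssl.cipher-list still exist and which protocol version each was defined for, and then probes a server one pinned protocol version at a time to see what it really negotiates. It assumes the lighttpd host is reachable as localhost:443; the probe itself is the part that needs a live server.

```python
import socket
import ssl

# Constructed copy of the ssl.cipher-list from the question above.
QUESTION_CIPHER_LIST = (
    "NULL-MD5:NULL-SHA:EXP-RC4-MD5:RC4-MD5:RC4-SHA:DES-CBC3-SHA:"
    "AES128-SHA:AES256-SHA:EXP1024-RC4-SHA"
)

def classify_suites(cipher_list):
    """Return ({suite: version it was defined for}, [suites unknown locally]).
    The version is OpenSSL's SSL_CIPHER_get_version(): where a suite was first
    specified (SSLv3 for AES128-SHA), not a cap on what gets negotiated, which
    is why an SSLv3-era list still yields TLSv1.2 connections."""
    wanted = cipher_list.split(":")
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_list)  # unknown names are skipped; fails only if none match
    except ssl.SSLError:
        return {}, wanted
    known = {c["name"]: c["protocol"] for c in ctx.get_ciphers() if c["name"] in wanted}
    return known, [name for name in wanted if name not in known]

def probe_version(host, port, version_name, timeout=5.0):
    """Offer exactly one protocol version (e.g. "TLSv1_2") to host:port; return
    what the server negotiated, or None if it refused or is unreachable."""
    version = ssl.TLSVersion[version_name]
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # only the negotiated version matters here
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version  # explicit version pinning: the thing the
    ctx.maximum_version = version  # cipher list alone cannot do
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (OSError, ssl.SSLError):
        return None

if __name__ == "__main__":
    known, missing = classify_suites(QUESTION_CIPHER_LIST)
    for name, proto in known.items():
        print(f"{name:16} defined for {proto}")
    print("not available in this OpenSSL:", ", ".join(missing))
    for v in ("TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"):  # assumed lighttpd host
        print(v, "->", probe_version("localhost", 443, v))
```

On an OpenSSL built with security level 2 or higher the client itself will not offer TLSv1 or TLSv1.1, so None in those rows says nothing about the server; the export and NULL suites from the list are likewise reported as unavailable because modern OpenSSL no longer ships them.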
