Enable TLSv1.2 only in SIP/TLS transport

Sorry for waking up this old thread but it is one of the first matches on an Internet search.

This is possible in chan_sip via tlsclientmethod=sslv23 (in chan_sip, the default value) and tlsdisablev1=yes (in chan_sip, SSL 2.0 and SSL 3.0 are disabled by default).

This does not work with chan_pjsip, yet. With chan_pjsip, I see three alternatives:
A) configure/build the whole OpenSSL not to use older versions, or
B) build PJSIP while you define PJ_SSL_SOCK_OSSL_CIPHERS
The latter requires at least OpenSSL 1.1.x and SECLEVEL=3, for example (source). Then, set method=sslv23 and remove any ciphers= in your pjsip.conf, otherwise you remove the level. In the file third-party/pjproject/patches/config_site.h you add:

#define PJ_SSL_SOCK_OSSL_CIPHERS "HIGH:-COMPLEMENTOFDEFAULT@SECLEVEL=3"

Then, make and install your Asterisk again.

C) If level 3 is too high in your scenario and changing OpenSSL is not an option either, you have to change the source code of Asterisk (currently 13.27.0): Undo Gerrit 2783 and add:

#define PJSIP_SSL_DEFAULT_PROTO 0xFFF8

to your config_site.h. The last three bits are zero to disable SSL 2.0, SSL 3.0, and TLS 1.0. If you use OpenSSL 1.1 or newer, you have to change the source code of PJSIP (currently 2.8) as well: remove the line ssl_method = (SSL_METHOD*)TLS_method(); in the file ssl_sock_ossl.c.
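
A way to check the outcome of any of these alternatives from the outside, as an added example that is not part of the original post: the script offers exactly one protocol version per handshake and reports which versions the SIP/TLS listener still accepts. The default port 5061 and the names probe and verdict are assumptions of this example.

```python
import socket
import ssl
import sys
import warnings

# Offered one at a time. Policy checked: TLS 1.2 accepted, nothing older accepted.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
LEGACY = ("TLSv1.0", "TLSv1.1")

def probe(host, port, version, timeout=5.0):
    """True: handshake completed. False: server refused. None: local OpenSSL cannot offer it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # protocol test only, the certificate is not judged
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # let this client offer old versions at all
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return None
    # A failed TCP connect raises here, so a listener that is down never looks hardened.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
        except ssl.SSLError as exc:
            return None if exc.reason == "NO_PROTOCOLS_AVAILABLE" else False
        except OSError:
            return False  # reset, EOF or timeout during the handshake

def verdict(results):
    """List every deviation from the policy; an empty list means the policy holds."""
    problems = [f"{n} is still accepted" for n in LEGACY if results.get(n) is True]
    problems += [f"{n} could not be offered by this client, result unknown"
                 for n in LEGACY if results.get(n) is None]
    if results.get("TLSv1.2") is not True:
        problems.append("TLSv1.2 is not accepted")
    return problems

if __name__ == "__main__":
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 5061  # assumed SIP/TLS port
    results = {name: probe(sys.argv[1], port, v) for name, v in VERSIONS.items()}
    print(results)
    sys.exit("\n".join(verdict(results)) or 0)
```

A result of None means the probing machine's own OpenSSL would not send that version, so the check has to be repeated from a client that can.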