Yeah, compatibility can be a problem. The cipher list I used for
M2Crypto was recommended in the book Network Security with OpenSSL (I
think). Besides removing unsafe ciphers, it orders the remaining ciphers
from strongest to weakest, based on the hope/assumption/practice that
peers will hopefully select the first matching cipher. It is not
foolproof, though, so for truly compatible application you'd probably
need to try with different ciphers lists if you run into errors.
However, I have never run into a problem myself with that list, nor has
anyone reported any bugs against M2Crypto because of that.

Defaulting to TLSv1 should select a better cipher list than otherwise,
but I would be a bit concerned about that in turn being an even bigger
compatibility issue. I guess I could ask around.