>> There are three primary cryptographic changes between SSLv3 and
>> TLS:
> At least one other significant change comes to mind - TLS requires
> implementation of TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA.
True, but this isn't a *cryptographic* change, it's simply a policy
change. SSLv3 included an equivalent cipher suite.
In any case, I don't really see why this change is relevant to this
discussion: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA is a must *implement*,
not a must *speak*. Since most servers have RSA certificates, even if
the implementation supports DSS ciphersuites, in practice the servers
do not. An implementation certainly cannot support only
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA and have any confidence
that it will be able to interoperate with other implementations
in practice.
-Ekr
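
Added example, not part of the original message: a simplified Python model of the must-implement versus must-speak distinction, in which a server can only negotiate suites that match the key type of a certificate it holds. The suite code points are from RFC 2246; the client and server configurations, the function names, and the choice to honour client preference order are assumptions made for illustration.

```python
# Simplified model of server-side cipher suite selection (illustrative only).
# Maps suite code point -> (name, certificate key type the server must hold).
SUITES = {
    0x0005: ("TLS_RSA_WITH_RC4_128_SHA", "RSA"),
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x0013: ("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA", "DSS"),
    0x0016: ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
}


class HandshakeFailure(Exception):
    """Raised when client and server share no usable cipher suite."""


def usable_suites(implemented, cert_key_types):
    """Suites a server can actually speak: implemented in code AND
    backed by a certificate of the matching key type."""
    return {s for s in implemented if SUITES[s][1] in cert_key_types}


def negotiate(client_offer, server_implemented, server_cert_key_types):
    """Return the name of the first client-offered suite the server can use.
    Assumption: the server honours the client's preference order."""
    usable = usable_suites(server_implemented, server_cert_key_types)
    for suite in client_offer:
        if suite in usable:
            return SUITES[suite][0]
    raise HandshakeFailure("no common cipher suite")


if __name__ == "__main__":
    everything = set(SUITES)  # constructed: server implements every suite
    # Typical server: implements the mandatory DSS suite, holds only an RSA cert.
    print(negotiate([0x0013, 0x000A], everything, {"RSA"}))
    try:
        # Constructed client that supports only the mandatory suite.
        negotiate([0x0013], everything, {"RSA"})
    except HandshakeFailure as exc:
        print("DSS-only client vs RSA-only server:", exc)
```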