OK, I see you’re using stunnel only on your client and it looks you’re connecting using TLS 1.0 which is deprecated.
My proposed solution runs stunnel on your server and aims to implement a front end proxy to the imap/smtp product. This can give you the support for new TLS versions and no need to run stunnel on your clients. regards Jose > On 9/02/2022, at 12:00 PM, Caterpillar <[email protected]> wrote: > > Thank you Jose, but a few days ago I solved with the following conf file > > > [thunderbird<->stunnel] > cert = /etc/stunnel/stunnel.pem > sslVersion = TLSv1.3 > accept = 50050 > connect = 127.0.0.1:50001 > > > [stunnel<->xxxxxx] > client=yes > CApath = /etc/ssl/certs > sslVersion = TLSv1 > accept= 127.0.0.1:50001 > connect=xxxxxxx:993 > > > > > and in > /etc/crypto-policies/policies/modules/TLS10.pmod > inserted > ===== > protocol = TLS1.1+ TLS1.0+ > min_tls_version = TLS1.0 > hash = SHA1+ > ===== > > then run command > > # update-crypto-policies --set DEFAULT:TLS10 >
_______________________________________________ stunnel-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
