The tutorial you're using is too old. You did not specify the OS ans stunnel version you're using, but what you want to achieve can bedone. The flow we need is this:

You need to specify 2 stunnel sections in your config; one to connect your new clients with TLS 1.2 or higher and other to connect to your mail server with TLS 1.1. Something like this:

client tls>=1.2)--> stunnel-server_mode --> Stunnel-client_mode --> mail-server (tls1.1)

For example, assuming the following:

a) Your stunnel proxy runs on the same machine as your IMAPS/SMTP server with IP address x.y.z.w

b) your IMAPS service is listening on port 143 for IMAPS tls1.1 and the service listens in IP 127.0.0.1 (loopback)

c) you want to test TLS 1.2 or later by connecting to port 993 for IMAPS

d) We use auxiliary port 1143 on loopback interface (any free port will do).

then, the config should include something like:

sslVersion = all

options = NO_SSLv2
options = NO_SSLv3

[imaps-external]

accept=x.y.z.w:993

connect=127.0.0.1:1143

client=no

options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1

[imaps-backend]

accept=127.0.0.1:1143

connect=127.0.0.1:143

client=yes

Hope this is helpful.

Regards,

Jose

On Monday, January 31, 2022, 09:16:55 AM GMT-5, Caterpillar <caterpillar86@gmail.com> wrote:

Good day.

I need to be able to use Thunderbird to connect to a mail server

(IMAP/SMTP) that has an obsolete TLS version (1.1) and I don't want to

low the TLS minimum version on my computers.

For this need I would like to use stunnel between Thunderbid clients and

the mail server. I tried to use tutorial [1] plus "sslVersion = all"

option, but I think the guide is quite incomplete.

Do you have any other guide/tutoral that is more complete?

Thank you

[1]: https://petermolnar.com/secure-smtp-and-imap-sessions-with-stunnel/

_______________________________________________

stunnel-users mailing list -- stunnel-users@stunnel.org

To unsubscribe send an email to stunnel-users-leave@stunnel.org