OK, I see you’re using stunnel only on your client and it looks you’re connecting using TLS 1.0 which is deprecated.
My proposed solution runs stunnel on your server and aims to implement a front end proxy to the imap/smtp product. This can give you the support for new TLS versions and no need to run stunnel on your clients.
regards Jose
On 9/02/2022, at 12:00 PM, Caterpillar caterpillar86@gmail.com wrote:
Thank you Jose, but a few days ago I solved with the following conf file
[thunderbird<->stunnel] cert = /etc/stunnel/stunnel.pem sslVersion = TLSv1.3 accept = 50050 connect = 127.0.0.1:50001
[stunnel<->xxxxxx] client=yes CApath = /etc/ssl/certs sslVersion = TLSv1 accept= 127.0.0.1:50001 connect=xxxxxxx:993
and in /etc/crypto-policies/policies/modules/TLS10.pmod inserted ===== protocol = TLS1.1+ TLS1.0+ min_tls_version = TLS1.0 hash = SHA1+ =====
then run command
# update-crypto-policies --set DEFAULT:TLS10