2013/10/15 Ben Stover bxstover@yahoo.co.uk:

When I try to connect to one of my mailboxes I get a return:

SSL_connect: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number Connection reset: 0 byte(s) sent to SSL, 0 byte(s) sent to socket

What does that mean?

in stunnel.conf I set the global parameter:

options = NO_SSLv2

This works in general. But for the mentioned email provider it could mean that he allows only SSLv2. Is this the reason?

Where is described what is inscure at SSLv2?

How can I allow for that particular email provider SSLv2 but disallow for all others?

It is extremely unlikely that this has anything to do with SSLv2. SSLv2 is so old that there are practically no services in the Internet that support only it (however some do allow SSLv2 in addition to newer ones). Some of the most important SSLv2 flaws are explained on Wikipedia: http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_2.0

What stopped you from temporarily removing the global option and verifying if this has anything to do with SSLv2? Most probably it still will not work (the "SSL3_GET_RECORD:wrong version number" message is misleading usually).

On 2013-10-15 22:21, Ben Stover wrote:

Where is described what is inscure at SSLv2?

A simple (and mostly correct) explanation is here: http://tools.ietf.org/html/rfc6176

Mike