At 04:26 AM 10/26/2023, Thomas Ward via stunnel-users wrote:

This is not an STunnel issue but an OpenSSL libraries/defaults issue.

Thank you Thomas.

After your input I made some more tests.

Following advice founf in the net, I had already included:

[system_default_sect] CipherString = DEFAULT@SECLEVEL=1

in openssl.cnf

But still it would not work through stunnel.

Today I tried a connection directly from openssl and I managed to succesfully initiate and conclude a proper POP3 dialog with the culprit server.

Then, looking at the messages from openssl, I saw that the connection was established, as expected, by TLSV1 and AES256-SHA protocol. Therefore, I tried to force this in the relevant section of stunnel.conf:

ciphers = AES256-SHA

But with the same result when trying to open the connection through stunnel (5.71)

telnet 127.0.1.1 110 Trying 127.0.1.1... Connected to 127.0.1.1. Escape character is '^]'. Connection closed by foreign host.

With the other servers I can this way estblish a POP3 dialog, as I managed directly through openssl.

What am I missing here?

Thank you for any addition insights!

Stefano