The tutorial you're using is too old. You did not specify the OS ans stunnel version you're using, but what you want to achieve can bedone. The flow we need is this:

You need to specify 2 stunnel sections in your config; one to connect your new clients with TLS 1.2 or higher and other to connect to your mail server with TLS 1.1. Something like this: client tls>=1.2)--> stunnel-server_mode --> Stunnel-client_mode --> mail-server (tls1.1)

For example, assuming the following:a) Your stunnel proxy runs on the same machine as your IMAPS/SMTP server with IP address x.y.z.wb) your IMAPS service is listening on port 143 for IMAPS tls1.1 and the service listens in IP 127.0.0.1 (loopback) c) you want to test TLS 1.2 or later by connecting to port 993 for IMAPSd) We use auxiliary port 1143 on loopback interface (any free port will do).

then, the config should include something like:

sslVersion = alloptions = NO_SSLv2 options = NO_SSLv3

[imaps-external]accept=x.y.z.w:993connect=127.0.0.1:1143 client=nooptions = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1

[imaps-backend]accept=127.0.0.1:1143connect=127.0.0.1:143client=yes

Hope this is helpful.

Regards,Jose

On Monday, January 31, 2022, 09:16:55 AM GMT-5, Caterpillar caterpillar86@gmail.com wrote:

Good day. I need to be able to use Thunderbird to connect to a mail server (IMAP/SMTP) that has an obsolete TLS version (1.1) and I don't want to low the TLS minimum version on my computers. For this need I would like to use stunnel between Thunderbid clients and the mail server. I tried to use tutorial [1] plus "sslVersion = all" option, but I think the guide is quite incomplete. Do you have any other guide/tutoral that is more complete? Thank you

[1]: https://petermolnar.com/secure-smtp-and-imap-sessions-with-stunnel/ _______________________________________________ stunnel-users mailing list -- stunnel-users@stunnel.org To unsubscribe send an email to stunnel-users-leave@stunnel.org