[stunnel-users] the connection had to be retried using SSL 3.0. This typically means that the server is using very old software and may have other security issues :(

[Michal Trojnara]

Thomas Manson wrote:
> gmail for example has AES_128_CBC for crypting,
> can we get that without much effort?

Of course.  The option you want is:
     ciphers = AES128-SHA

BTW: Bear in mind that CBC-based ciphers are vulnerable to the Beast 
attack, and thus *less* secure than stunnel default.
     https://www.net-security.org/article.php?id=1638

Mike