OK, I see you’re using stunnel only on your client and it looks you’re connecting using TLS 1.0 which is deprecated. 

My proposed solution runs stunnel on your server and aims to implement a front end proxy to the imap/smtp product. This can give you the support for new TLS versions and no need to run stunnel on your clients.

regards
Jose


On 9/02/2022, at 12:00 PM, Caterpillar <[email protected]> wrote:

 Thank you Jose, but a few days ago I solved with the following conf file


[thunderbird<->stunnel]
cert = /etc/stunnel/stunnel.pem
sslVersion = TLSv1.3
accept = 50050
connect = 127.0.0.1:50001


[stunnel<->xxxxxx]
client=yes
CApath = /etc/ssl/certs
sslVersion = TLSv1
accept= 127.0.0.1:50001
connect=xxxxxxx:993




and in
/etc/crypto-policies/policies/modules/TLS10.pmod
inserted
=====
protocol = TLS1.1+ TLS1.0+
min_tls_version = TLS1.0
hash = SHA1+
=====

then run command

# update-crypto-policies --set DEFAULT:TLS10