Hi, I have Pegasus 4.8 on Windows server 2019 standard evaluation and try POP with Google App Password. I have 2-Step Verification enabled and created App password for Pegasus. I copied it and paste into Internet option - Receiving - password. Copied with empty space and also without empty space.

I have server host - pop.gmail.com
user name xxx.xxxx@gmail.com
port 995
security - via direct SSL connect
no other configuration checked

I also searched google with this issue and I have all correct. But still Pegasus is not able to connect to mail mailbox ...

11:38:03.478: --- 2 Aug 2025, 11:38:03.478 ---
11:38:03.478: Connect to 'pop.gmail.com', timeout 30 seconds.
11:38:04.511: [!] OpenSSL reported error -1/5 during handshake - diagnostics follow:
11:38:04.511: [!] -------------------------------------------------------------------------
11:38:04.511: [!] * OpenSSL supplied no extended diagnostic information.
11:38:04.511: [!] -------------------------------------------------------------------------

ping pop.gmail.com is ok
telnet pop.gmail.com 995 ok

also I tried disable windows FW

Maybe someone had same issue and there is some trick?

thanks

Quick question? Did you change your gmail password? Doing that on web site (I believe) would require you to recreated the App password, since change makes that invalid.

I use Public Beta 3, not sure if 4.80 and 4.81pb3 have different openssl?
I also use stunnel to do connection with log level 7 set. It gave a like 70 line log results with connection with 1 message from gmail. Not sure what log level the built in openssl has.
Pegasus just connects to port on 127.0.0.1 that get tunneled to the pop.gmail.com

 stunnel[1609]: LOG7[57]: Service [gmailpop] started
 stunnel[1609]: LOG7[57]: Setting local socket options (FD=3)
 stunnel[1609]: LOG7[57]: Option TCP_NODELAY set on local socket
 stunnel[1609]: LOG5[57]: Service [gmailpop] accepted connection from 127.0.0.1:36626
 stunnel[1609]: LOG6[57]: failover: priority, starting at entry #0
 stunnel[1609]: LOG6[57]: s_connect: connecting 142.250.101.109:995
 stunnel[1609]: LOG7[57]: s_connect: s_poll_wait 142.250.101.109:995: waiting 10 seconds
 stunnel[1609]: LOG7[57]: FD=6 events=0x2001 revents=0x0
 stunnel[1609]: LOG7[57]: FD=17 events=0x2005 revents=0x0
 stunnel[1609]: LOG5[57]: s_connect: connected 142.250.101.109:995
 stunnel[1609]: LOG5[57]: Service [gmailpop] connected remote server from 192.168.1.16:43590
 stunnel[1609]: LOG7[57]: Setting remote socket options (FD=17)
 stunnel[1609]: LOG7[57]: Option TCP_NODELAY set on remote socket
 stunnel[1609]: LOG7[57]: Remote descriptor (FD=17) initialized
 stunnel[1609]: LOG6[57]: SNI: sending servername: pop.gmail.com
 stunnel[1609]: LOG6[57]: Attempting to resume: 37B9F9296AB547A532F41CFB3AF4C1B48F36EAD1A919C84CE8D0
 stunnel[1609]: LOG6[57]: Peer certificate required
 stunnel[1609]: LOG7[57]: TLS state (connect): before SSL initialization
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS write client hello
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS write client hello
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS read server hello
 stunnel[1609]: LOG7[57]: TLS state (connect): TLSv1.3 read encrypted extensions
 stunnel[1609]: LOG7[57]: OCSP stapling: Client callback called
 stunnel[1609]: LOG7[57]: OCSP: Skipped OCSP stapling (previous session reused)
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS read finished
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS write change cipher spec
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS write finished
 stunnel[1609]: LOG7[57]: Remove session callback
 stunnel[1609]: LOG7[57]:     20 client connect(s) requested
 stunnel[1609]: LOG7[57]:     20 client connect(s) succeeded
 stunnel[1609]: LOG7[57]:      0 client renegotiation(s) requested
 stunnel[1609]: LOG7[57]:     19 session reuse(s)
 stunnel[1609]: LOG6[57]: TLS connected: previous session reused
 stunnel[1609]: LOG6[57]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
 stunnel[1609]: LOG6[57]: Peer temporary key: X25519, 253 bits
 stunnel[1609]: LOG7[57]: Compression: null, expansion: null
 stunnel[1609]: LOG6[57]: Session id: 37B9F9296AB547A532F41CFB3AF4C1B48F36EAD1A919C84CE8D0375C95D808
 stunnel[1609]: LOG7[57]: TLS state (connect): SSL negotiation finished successfully
 stunnel[1609]: LOG7[57]: TLS state (connect): SSL negotiation finished successfully
 stunnel[1609]: LOG7[57]: Initializing application specific data for session authenticated
 stunnel[1609]: LOG7[57]: New session callback
 stunnel[1609]: LOG7[57]: Deallocating application specific data for session connect address
 stunnel[1609]: LOG7[57]: Initializing application specific data for session authenticated
 stunnel[1609]: LOG7[57]: Deallocating application specific data for session connect address
 stunnel[1609]: LOG7[57]: Initializing application specific data for session authenticated
 stunnel[1609]: LOG6[57]: Session id: AD3838FEADE985F62A42AED2FAFCBB49364BED297D9CC8B2FF86BD53C2A535
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS read server session ticket
 stunnel[1609]: LOG7[57]: TLS state (connect): SSL negotiation finished successfully
 stunnel[1609]: LOG7[57]: TLS state (connect): SSL negotiation finished successfully
 stunnel[1609]: LOG7[57]: Initializing application specific data for session authenticated
 stunnel[1609]: LOG7[57]: Deallocating application specific data for session connect address
 stunnel[1609]: LOG7[57]: New session callback
 stunnel[1609]: LOG7[57]: Deallocating application specific data for session connect address
 stunnel[1609]: LOG7[57]: Initializing application specific data for session authenticated
 stunnel[1609]: LOG7[57]: Deallocating application specific data for session connect address
 stunnel[1609]: LOG7[57]: Initializing application specific data for session authenticated
 stunnel[1609]: LOG6[57]: Session id: C0802A23A07A2A7CFDD4C5B9202559A8F944E25CC511BBA44642685362B4E1
 stunnel[1609]: LOG7[57]: TLS state (connect): SSLv3/TLS read server session ticket
 stunnel[1609]: LOG6[57]: TLS socket closed (read hangup)
 stunnel[1609]: LOG7[57]: Sent socket write shutdown
 stunnel[1609]: LOG6[57]: Read socket closed (readsocket)
 stunnel[1609]: LOG7[57]: Sending close_notify alert
 stunnel[1609]: LOG7[57]: TLS alert (write): warning: close notify
 stunnel[1609]: LOG6[57]: SSL_shutdown successfully sent close_notify alert
 stunnel[1609]: LOG5[57]: Connection closed: 73 byte(s) sent to TLS, 71566 byte(s) sent to socket
 stunnel[1609]: LOG7[57]: Deallocating application specific data for session connect address
 stunnel[1609]: LOG7[57]: Remote descriptor (FD=17) closed
 stunnel[1609]: LOG7[57]: Local descriptor (FD=3) closed
 stunnel[1609]: LOG7[57]: Service [gmailpop] finished (0 left)

I routinely receive this error, but the connection then works fine on the next try, or sometime shortly later. I don't have an explanation for what causes it.

Based on what you posted, your settings look fine. The connection does not reach the point of authentication so we don't yet know whether there is an authentication issue. I hope it is just a transient issue between you and whatever Google server you are hitting. You can enable internet session logging to see if a log shows any additional details.

• That setting is in Tools>Internet Options, at the bottom of the General tab.
• You will find the log files in a "TCPLogs" directory located in your mailbox directory.
• The log files contain an extension that indicates the type of connection that created the log.
• The files are plain text so can be view with a text editor.IMPORTANT: Authentication credentials are recorded log files, sometimes encrypted, but in an easily decryptable form so do not post an entire log file. Normally the point of failure is apparent but if not, post back for specific advise on what to exclude from the log content before posting it.
• Don't forget to turn internet session logging back off.