Community Discussions and Support
Pegasus Mail and Mail Server Incompatibility

[quote user="Thomas R. Stephenson"]
where did you get the info on making the STunnel connection
[/quote]

URI from OP: https://epbfi.com/support/email-setup

[quote]
and the cert files
[/quote]

openssl s_client -showcerts -connect server:port


Having recently switched to a new provider, I began to notice issues with mail client connectivity to their server which with some recent mail server upgrades have completely shut down Pegasus' ability to connect via any means. The only error received reads "A network error occurred during connection to the host" without any trace information. One of the provider techs installed Pegasus on his own machine and was similarly unable to get Pegasus to work, but both of us were able to get Outlook and Thunderbird to connect without any apparent issue. The service provider uses SSL (https://epbfi.com/support/email-setup/), and both the tech and I pored over each setting within the program trying to determine what might be causing the issue. The final say when this was brought to their server team was that it was probably some security or certificate issue within the program itself. I have uninstalled and reinstalled the latest version (just as the tech installed the latest version for testing purposes) and I've also tried removing all extraneous possible complications from the equation (firewall, router, etc.) with the same effect.

I've been using Pegasus for two decades, now, so I'm kind of partial to the program.   I'd really like to not have to switch to Thunderbird.  Thoughts?  Suggestions?  Help?  =)


[quote user="frenator"]Having recently switched to a new provider, I began to notice issues with mail client connectivity to their server which with some recent mail server upgrades have completely shut down Pegasus' ability to connect via any means.  The only error received reads "A network error occurred during connection to the host" without any trace information.[/quote]

Did you try creating connection logs: Tools => Internet options => General at the bottom, please read the associated help entry before doing so and especially before posting any sensitive data:

Create Internet session logs (advanced diagnostic use only): Checking this control tells Pegasus Mail to create special log files that show the entire exchange of information between it and the servers it connects to. Each session will be created in a file called TCPxxxx.WPM in your home mailbox directory (the "xxxx" is replaced by four digits). Creating session logs will slow down the performance of your system somewhat, and you should be aware that any username and password information exchanged between Pegasus Mail and the server will be shown in the log, *even* if you use SSL to secure the connection. Session logs are primarily useful if you need to debug a problem between Pegasus Mail and one of the servers it connects to - you should enable the option only on instructions from a system administrator or from Pegasus Mail technical support. [ Technical note: this control has the same effect as using a "-Z 32" commandline switch when you run Pegasus Mail ]

 

			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

Connection log produced the following:

22: Error -32 activating SSL session (locus 6014, type 4, 'Bad server key agreement parameter signature\ ... ...')

 And I should note: we tried disabling the certificate validation to no avail during our tests.


> 22: Error -32 activating SSL session (locus 6014, type 4, 'Bad server key agreement parameter signature\ ... ...')

Looks like the Pegasus Mail crypto library does not like the server response.  Try using STunnel for Windows to make the connection to the server, I've tested this with a number of SSL servers and it works for me.

 


re: STunnel

I downloaded, installed, looked through the manual, homepage, and fiddled with the .conf and quickly came to the conclusion that I really wouldn't know how to begin setting up something like STunnel. Unfortunately, that's one or more levels of end user behind the wall experience than I possess -- I'm decent within the constraints of operating programs themselves, but when code starts popping up, the water quickly goes over my head. Rather, is there some way I could help ensure Pegasus' crypto library and my provider get along without the need of another program I'd need to have someone else configure and have to keep running behind the scenes?


[quote user="frenator"]
is there some way I could help ensure Pegasus' crypto library and my provider get along
[/quote]

 Ask provider to enable SSL v2.0 cipher suites.


> re: STunnel I downloaded, installed, looked through the manual,
> homepage, and fiddled with the .conf and quickly came to the
> conclusion that I really wouldn't know how to begin setting up
> something like STunnel. Unfortunately, that's one or more levels of
> end user behind the wall experience than I possess -- I'm decent
> within the constraints of operating programs themselves, but when code
> starts popping up, the water quickly goes over my head.

Here's a sample stunnel.conf file for making an OpenSSL connection to GMail. You can probably change this to match the requirements for your ISP pretty easily. Copy this to notepad and make sure it's saved as plain text in the same directory as STunnel. I have highlighted the critical parts for a client setup.


------------------------------------------------------------------------------ stunnel.conf -----------------------------------------------------------------------------------
; Sample stunnel configuration file by Michal Trojnara 2002-2006
; Some options used here may not be adequate for your particular configuration

; Certificate/key is needed in server mode and optional in client mode
; The default certificate is provided only for testing and should not
; be used in a production environment
cert = stunnel.pem
;key = stunnel.pem

; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

; Workaround for Eudora bug
;options = DONT_INSERT_EMPTY_FRAGMENTS

; Authentication stuff
;verify = 2
; Don't forget to c_rehash CApath
;CApath = certs
; It's often easier to use CAfile
;CAfile = certs.pem
; Don't forget to c_rehash CRLpath
;CRLpath = crls
; Alternatively you can use CRLfile
;CRLfile = crls.pem

; Some debugging stuff useful for troubleshooting
debug = 7
output = stunnel.log

; Use it for client mode
client = yes


; Service-level configuration

;[pop3s]
;accept  = 995
;connect = 110

;[imaps]
;accept  = 993
;connect = 143

;[ssmtp]
;accept  = 465
;connect = 25

;[https]
;accept  = 443
;connect = 80
;TIMEOUTclose = 0

; vim:ft=dosini

; Client-level configuration

[GMail IMAP4]
accept = 20993
connect = imap.gmail.com:993

[GMail POP3]
accept = 20995
connect = pop.gmail.com:995

[GMail SMTP]
accept = 20465
connect = smtp.gmail.com:465

--------------------------------------------------------------- cut here -----------------------------------------------

> Rather, is there some way I could help ensure Pegasus' crypto library
> and my provider get along without the need of another program I'd need
> to have someone else configure and have to keep running behind the
> scenes?

I have no idea how to do this; your ISP does not answer properly and I've no idea how to tell them to fix the problem. It may in fact not work with OpenSSL either, but since other clients can connect I suspect it will work.
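An added example, not part of the original post or of the stunnel distribution: the sample above leaves `verify` commented out, so the tunnel encrypts the session but accepts whatever certificate the remote end presents. The client-mode configuration below shows that weak setting beside a corrected one, using only options that appear in the sample. The host name `mail.example.net` and the section names are placeholders, and `certs.pem` is assumed to hold the provider's CA certificate(s) in PEM format.

```ini
; Added example: client-mode stunnel.conf with server certificate checking.
; mail.example.net is a placeholder; take the real host names and ports
; from the provider's e-mail setup page.

; Logging: 7 is full debug, useful while the tunnel is being set up
debug = 7
output = stunnel.log

; stunnel makes the outgoing TLS connection on behalf of the mail client
client = yes

; No cert/key lines: a certificate is optional in client mode and is only
; needed when the server asks the client to authenticate with one.

; Weak setting (as in the sample): with verify left commented out, any
; certificate is accepted, so the server's identity is never checked.
;verify = 2

; Corrected setting: the server certificate must chain to a CA in CAfile,
; otherwise the handshake is refused and the reason is written to stunnel.log.
; certs.pem can be built from the certificates printed by
;   openssl s_client -showcerts -connect server:port
; after confirming them against a source other than that same connection
; (for example a fingerprint published by the provider).
verify = 2
CAfile = certs.pem
; Current stunnel 5.x releases also provide verifyChain and checkHost,
; which add a host name check that verify = 2 alone does not perform.

; Service sections: bind the local side to 127.0.0.1 so that only programs
; on this machine can use the tunnel. The mail client is then pointed at
; 127.0.0.1 and the accept port, with its own SSL option switched off.

[provider-imap]
accept = 127.0.0.1:20993
connect = mail.example.net:993

[provider-pop3]
accept = 127.0.0.1:20995
connect = mail.example.net:995

[provider-smtp]
accept = 127.0.0.1:20465
connect = mail.example.net:465
```

The link between the mail client and stunnel is plain text, which is why the `accept` lines are limited to the loopback address rather than listening on every interface.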


Unfortunately, it looks like I'll have to wait and see what Pegasus 5.0 brings.

The system techs and server admins at my provider are now familiar with Pegasus -- doubtlessly an intriguing diversion from their usual tedium of "you're using the wrong port number" -- have been reading through the Pegasus forums and developer updates (hi, guys!) and have even tried to get STunnel to work with Pegasus and their current system configuration without much luck. As for turning on v2.0, I've been informed they have Pegasus' current version of SSL security protocols turned off, intentionally, because of the inherent vulnerabilities and exploits within that ciphersuite. They've been exceedingly helpful, as have you guys. Thank you very much for your patience, time and effort. I look forward to picking Pegasus back up when v5.0 debuts.


[quote user="frenator"]
tried to get STunnel to work with Pegasus and their current system configuration without much luck
[/quote]

See the attached ZIP archive for assistance in setting up stunnel for the EPB mail servers.


> See the attached ZIP archive for assistance in setting up stunnel for the EPB mail servers.

For my own amazement, where did you get the info on making the STunnel connection and the cert files?

 
