Community Discussions and Support
SSL error with the GMX email service provider and Pegasus Mail
SSL error GMX Stunnel PM 4.41 PM upgrade TSL

This are the requiered settings for pop3 and smtp data from gmx.com. Please try this settings and activate ssl:

Please read carefully what this thread is about, PMX: It's not about a Pegasus Mail version being capable of dealing with current authentication algorithms, it's about an older version which needs special support since it supports a French user interface that current Pegasus Mail versions don't do anymore.


[quote="pid:56158, uid:29380"]This are the requiered settings for pop3 and smtp data from gmx.com. Please try this settings and activate ssl:[/quote] Please read carefully what this thread is about, PMX: It's not about a Pegasus Mail version being capable of dealing with current authentication algorithms, it's about an older version which needs special support since it supports a French user interface that current Pegasus Mail versions don't do anymore.
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

Made a GMX.COM email address, so did tests to get it to work with the stunnel.
First problem I had was had to turn on the pop and smtp option since it was blocked??
These are settings I did for the stunnel.conf
The OCSPaia is set to no since was getting failure to respond with GMX?
Works from with gmail and guam.net??


Mike, since I'm not familiar with setting up stunnel I'm as clueless as anyone else about doing so. I'm trying to understand what you're doing there, and unfortunately I don't, so here are my questions on behalf of a common non-techy user:


So where are these first two sections without a dialog screenshot coming from, where would one have to enter these data below [gmxpop] and [gmxsmtp]?


Then what is it with the "preface" you wrote:



Made a GMX.COM email address, so did tests to get it to work with the stunnel.
First problem I had was had to turn on the pop and smtp option since it was blocked??
These are settings I did for the stunnel.conf
The OCSPaia is set to no since was getting failure to respond with GMX?
Works from with gmail and guam.net??



Which ones of these sentences followed by question marks are real questions anyone needs to answer, which ones are rhetorical ones you're asking yourself or not sure whether you're right or not? If there was a problem with pop and smtp, how did you get around it? Who or what "blocked"? What is OCSP about? Does it now work or doesn't it or are you not sure because of the two final question marks? What is this last one trying to say at all? What would gmail have to deal with gmx?


And finally "CApath = /etc/ssl/certs" is a Linux path, isn't it? What would be needed to put in there on Windows?


[quote="pid:56156, uid:2546"]Made a GMX.COM email address, so did tests to get it to work with the stunnel. First problem I had was had to turn on the pop and smtp option since it was blocked?? These are settings I did for the stunnel.conf The OCSPaia is set to no since was getting failure to respond with GMX? Works from with gmail and guam.net??[/quote] Mike, since I'm not familiar with setting up stunnel I'm as clueless as anyone else about doing so. I'm trying to understand what you're doing there, and unfortunately I don't, so here are my questions on behalf of a common non-techy user: So where are these first two sections without a dialog screenshot coming from, where would one have to enter these data below [gmxpop] and [gmxsmtp]? Then what is it with the "preface" you wrote: > Made a GMX.COM email address, so did tests to get it to work with the stunnel. First problem I had was had to turn on the pop and smtp option since it was blocked?? These are settings I did for the stunnel.conf The OCSPaia is set to no since was getting failure to respond with GMX? Works from with gmail and guam.net?? Which ones of these sentences followed by question marks are real questions anyone needs to answer, which ones are rhetorical ones you're asking yourself or not sure whether you're right or not? If there was a problem with pop and smtp, how did you get around it? Who or what "blocked"? What is OCSP about? Does it now work or doesn't it or are you not sure because of the two final question marks? What is this last one trying to say at all? What would gmail have to deal with gmx? And finally "CApath = /etc/ssl/certs" is a Linux path, isn't it? What would be needed to put in there on Windows?
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C
edited Nov 19 '23 at 5:25 pm

Earlier reply talked about installing the stunnel program that includes the openssl 3.x version compared with the later Pegasus that has the openssl build-in with the 1.1.1k? version that supports the newer ssl connections that the older Pegasus that has French language extension doesn't. Think version 4.41, but seems the language extension works with up to 4.63 verion?


The stunnel setup installs the stunnel and openssl, but it requires an stunnel.conf file to configure the port mapping.


/Program Files (x86)/stunnel/config/stunnel.conf
Is the location of the file in windows and it is a simple text file.
In earlier message, I had posted my gmail configuration, but went ahead and created a gmx.com email account, and the options turned out to be a little different.


[gmxpop]
client=yes
accept = 127.0.0.1:10995
connect = pop.gmx.com:995
debug = 3
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = pop.gmx.com
OCSPaia = no


[gmxsmtp]
client=yes
accept = 127.0.0.1:10465
connect = mail.gmx.com:465
debug = 3
verifyChain = yes
CApath = /etc/ssl/certs
checkHost = mail.gmx.com
OCSPaia = no


Probable could just use since the other lines are to check for man in the middle possible attacks?


[gmxpop]
client=yes
accept = 127.0.0.1:10995
connect = pop.gmx.com:995
debug = 3


[gmxsmtp]
client=yes
accept = 127.0.0.1:10465
connect = mail.gmx.com:465
debug = 3


The Stunnel makes a local port connect to the remote port via an ssl connection, and uses the later 3.x version of openssl.


In linux the stunnel.conf file is located in /etc/stunnel/stunnel.conf.
With my setup, I use the linux stunnel to handle the connection versus using stunnel under wine.
Pegasus makes connection to local port that it does as local non-ssl connection, then stunnel takes the access from there to the ssl connection.


20:22:37.048: --- 19 Nov 2023, 20:22:37.048 ---
20:22:37.074: Connect to '127.0.0.1', timeout 30 seconds, flags 16842753.
20:22:48.123: >> +OK POP server ready H migmx102 1MaJzh-1qsCcN3T4X-00WsiK<cr><lf>
20:22:48.123: << USER msetzerii@gmx.com<cr><lf>
20:22:48.381: >> +OK password required for user "msetzerii@gmx.com"<cr><lf>
20:22:48.381: << PASS deleted.
20:22:48.732: >> +OK mailbox "msetzerii@gmx.com" has 0 messages (0 octets) H migmx102<cr><lf>
20:22:48.741: << STAT<cr><lf>
20:22:49.007: >> +OK 0 0<cr><lf>
20:22:49.007: << QUIT<cr><lf>
20:22:49.266: >> +OK POP server signing off<cr><lf>
20:22:49.270: --- Connection closed at 19 Nov 2023, 20:22:49.270. ---
20:22:49.270:


For me, I have stunnel setup for my 3 email accounts now. Local ISP guam.net, gmail using special password acccount, and now the GMX account. So has 3 sets of ports.


Pegasus runs everything thru the 127.0.0.1 with the appropriate ports.


Earlier reply talked about installing the stunnel program that includes the openssl 3.x version compared with the later Pegasus that has the openssl build-in with the 1.1.1k? version that supports the newer ssl connections that the older Pegasus that has French language extension doesn&#039;t. Think version 4.41, but seems the language extension works with up to 4.63 verion? The stunnel setup installs the stunnel and openssl, but it requires an stunnel.conf file to configure the port mapping. /Program Files (x86)/stunnel/config/stunnel.conf Is the location of the file in windows and it is a simple text file. In earlier message, I had posted my gmail configuration, but went ahead and created a gmx.com email account, and the options turned out to be a little different. [gmxpop] client=yes accept = 127.0.0.1:10995 connect = pop.gmx.com:995 debug = 3 verifyChain = yes CApath = /etc/ssl/certs checkHost = pop.gmx.com OCSPaia = no [gmxsmtp] client=yes accept = 127.0.0.1:10465 connect = mail.gmx.com:465 debug = 3 verifyChain = yes CApath = /etc/ssl/certs checkHost = mail.gmx.com OCSPaia = no Probable could just use since the other lines are to check for man in the middle possible attacks? [gmxpop] client=yes accept = 127.0.0.1:10995 connect = pop.gmx.com:995 debug = 3 [gmxsmtp] client=yes accept = 127.0.0.1:10465 connect = mail.gmx.com:465 debug = 3 The Stunnel makes a local port connect to the remote port via an ssl connection, and uses the later 3.x version of openssl. In linux the stunnel.conf file is located in /etc/stunnel/stunnel.conf. With my setup, I use the linux stunnel to handle the connection versus using stunnel under wine. Pegasus makes connection to local port that it does as local non-ssl connection, then stunnel takes the access from there to the ssl connection. 20:22:37.048: --- 19 Nov 2023, 20:22:37.048 --- 20:22:37.074: Connect to &#039;127.0.0.1&#039;, timeout 30 seconds, flags 16842753. 20:22:48.123: &gt;&gt; +OK POP server ready H migmx102 1MaJzh-1qsCcN3T4X-00WsiK&lt;cr&gt;&lt;lf&gt; 20:22:48.123: &lt;&lt; USER msetzerii@gmx.com&lt;cr&gt;&lt;lf&gt; 20:22:48.381: &gt;&gt; +OK password required for user &quot;msetzerii@gmx.com&quot;&lt;cr&gt;&lt;lf&gt; 20:22:48.381: &lt;&lt; PASS deleted. 20:22:48.732: &gt;&gt; +OK mailbox &quot;msetzerii@gmx.com&quot; has 0 messages (0 octets) H migmx102&lt;cr&gt;&lt;lf&gt; 20:22:48.741: &lt;&lt; STAT&lt;cr&gt;&lt;lf&gt; 20:22:49.007: &gt;&gt; +OK 0 0&lt;cr&gt;&lt;lf&gt; 20:22:49.007: &lt;&lt; QUIT&lt;cr&gt;&lt;lf&gt; 20:22:49.266: &gt;&gt; +OK POP server signing off&lt;cr&gt;&lt;lf&gt; 20:22:49.270: --- Connection closed at 19 Nov 2023, 20:22:49.270. --- 20:22:49.270: For me, I have stunnel setup for my 3 email accounts now. Local ISP guam.net, gmail using special password acccount, and now the GMX account. So has 3 sets of ports. Pegasus runs everything thru the 127.0.0.1 with the appropriate ports.

mikes@guam.net

One other little thing. Think I mentioned it in one message, but in case I didn't.
Will need to either setup stunnel to be run on startup, or need to run it manually before Pegasus will be able to use it. With linux it is setup as a service.


systemctl status stunnel.service
● stunnel.service - TLS tunnel for network daemons
Loaded: loaded (/usr/lib/systemd/system/stunnel.service; enabled; preset: disabled)
Drop-In: /usr/lib/systemd/system/service.d
└─10-timeout-abort.conf
Active: active (running) since Mon 2023-11-20 17:26:52 ChST; 9min ago
Process: 134865 ExecStart=/usr/bin/stunnel (code=exited, status=0/SUCCESS)
Main PID: 135958 (stunnel)
Tasks: 3 (limit: 18927)
Memory: 3.6M
CPU: 2.864s
CGroup: /system.slice/stunnel.service
└─135958 /usr/bin/stunnel


Nov 20 17:26:49 setzconote.dyndns.org systemd[1]: Starting stunnel.service - TLS tunnel for network daemons...
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: stunnel 5.71 on x86_64-redhat-linux-gnu platform
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Compiled/running with OpenSSL 3.0.9 30 May 2023
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Threading: PTHREAD Sockets: POLL,IPv6,SYSTEMD TLS:ENGINE>
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.c>
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: UTF-8 byte order mark not detected
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: FIPS mode disabled
Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Configuration successful
Nov 20 17:26:52 setzconote.dyndns.org systemd[1]: Started stunnel.service - TLS tunnel for network daemons.
lines 1-22/22 (END)


Been long time since I've run M$ windows, but don't think startup is difficult??


One other little thing. Think I mentioned it in one message, but in case I didn&#039;t. Will need to either setup stunnel to be run on startup, or need to run it manually before Pegasus will be able to use it. With linux it is setup as a service. systemctl status stunnel.service ● stunnel.service - TLS tunnel for network daemons Loaded: loaded (/usr/lib/systemd/system/stunnel.service; enabled; preset: disabled) Drop-In: /usr/lib/systemd/system/service.d └─10-timeout-abort.conf Active: active (running) since Mon 2023-11-20 17:26:52 ChST; 9min ago Process: 134865 ExecStart=/usr/bin/stunnel (code=exited, status=0/SUCCESS) Main PID: 135958 (stunnel) Tasks: 3 (limit: 18927) Memory: 3.6M CPU: 2.864s CGroup: /system.slice/stunnel.service └─135958 /usr/bin/stunnel Nov 20 17:26:49 setzconote.dyndns.org systemd[1]: Starting stunnel.service - TLS tunnel for network daemons... Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: stunnel 5.71 on x86_64-redhat-linux-gnu platform Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Compiled/running with OpenSSL 3.0.9 30 May 2023 Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Threading: PTHREAD Sockets: POLL,IPv6,SYSTEMD TLS:ENGINE&gt; Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.c&gt; Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: UTF-8 byte order mark not detected Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: FIPS mode disabled Nov 20 17:26:52 setzconote.dyndns.org stunnel[134865]: LOG5[ui]: Configuration successful Nov 20 17:26:52 setzconote.dyndns.org systemd[1]: Started stunnel.service - TLS tunnel for network daemons. lines 1-22/22 (END) Been long time since I&#039;ve run M$ windows, but don&#039;t think startup is difficult??

mikes@guam.net

Been long time since I've run M$ windows, but don't think startup is difficult??

If it's just another executable you could do it via AutoStart, as a service I don't know, but shouldn't stunnel be coming with some setup instructions?


[quote=&quot;pid:56167, uid:2546&quot;]Been long time since I&#039;ve run M$ windows, but don&#039;t think startup is difficult??[/quote] If it&#039;s just another executable you could do it via AutoStart, as a service I don&#039;t know, but shouldn&#039;t stunnel be coming with some setup instructions?
			Michael
--
IERenderer's Homepage
PGP Key ID (RSA 2048): 0xC45D831B
S/MIME Fingerprint: 94C6B471 0C623088 A5B27701 742B8666 3B7E657C

Was an earlier message with the info to install the stunnel or the web pages
https://www.stunnel.org
https://www.stunnel.org/downloads.html


The installation process does the installation of the stunnel and openssl 3.x so that is automatic.
As I saw it, it doesn't put it in autostart or make it a service.
A user might only want to activate it on an as needed bases rather than wanting it to auto load at boot. With linux one just does
systemctl enable stunnel
systemctl start stunnel


and system will then autoload it on future starts


or one could add stunnel to the rc.local file if that is used on setup?


With windows a link to stunnel in autostart would do same.


Know the linux version of openssl is at 3.09, but the windows might still be at 3.08.
Latest Pegasus Help mentions it has openssl 1.1.1k version.


Was an earlier message with the info to install the stunnel or the web pages https://www.stunnel.org https://www.stunnel.org/downloads.html The installation process does the installation of the stunnel and openssl 3.x so that is automatic. As I saw it, it doesn&#039;t put it in autostart or make it a service. A user might only want to activate it on an as needed bases rather than wanting it to auto load at boot. With linux one just does systemctl enable stunnel systemctl start stunnel and system will then autoload it on future starts or one could add stunnel to the rc.local file if that is used on setup? With windows a link to stunnel in autostart would do same. Know the linux version of openssl is at 3.09, but the windows might still be at 3.08. Latest Pegasus Help mentions it has openssl 1.1.1k version.

mikes@guam.net

Just for info. With debug set to level 7 This is what a pop3 connection puts in secure log file.


LOG5[ui]: stunnel 5.71 on x86_64-redhat-linux-gnu platform
LOG5[ui]: Compiled/running with OpenSSL 3.0.9 30 May 2023
LOG5[ui]: ThreadingsmileTHREAD SocketssmileOLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI
LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf
LOG5[ui]: UTF-8 byte order mark not detected
LOG5[ui]: FIPS mode disabled
LOG5[ui]: Configuration successful
LOG7[0]: Service [gmxpop] started
LOG7[0]: Setting local socket options (FD=3)
LOG7[0]: Option TCP_NODELAY set on local socket
LOG5[0]: Service [gmxpop] accepted connection from 127.0.0.1:60398
LOG6[0]: failover: priority, starting at entry #0
LOG6[0]: s_connect: connecting 212.227.17.171:995
LOG7[0]: s_connect: s_poll_wait 212.227.17.171:995: waiting 10 seconds
LOG7[0]: FD=6 events=0x2001 revents=0x0
LOG7[0]: FD=16 events=0x2005 revents=0x0
LOG5[0]: s_connect: connected 212.227.17.171:995
LOG5[0]: Service [gmxpop] connected remote server from 192.168.10.100:56052
LOG7[0]: Setting remote socket options (FD=16)
LOG7[0]: Option TCP_NODELAY set on remote socket
LOG7[0]: Remote descriptor (FD=16) initialized
LOG6[0]: SNI: sending servername: pop.gmx.com
LOG6[0]: Peer certificate required
LOG7[0]: TLS state (connect): before SSL initialization
LOG7[0]: Initializing application specific data for session authenticated
LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
LOG7[0]: TLS state (connect): SSLv3/TLS read server hello
LOG7[0]: TLS state (connect): TLSv1.3 read encrypted extensions
LOG7[0]: Verification started at depth=2: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
LOG7[0]: CERT: Pre-verification succeeded
LOG7[0]: OCSP: Ignoring the root certificate
LOG6[0]: Certificate accepted at depth=2: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
LOG7[0]: Verification started at depth=1: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1
LOG7[0]: CERT: Pre-verification succeeded
LOG6[0]: Certificate accepted at depth=1: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1
LOG7[0]: Verification started at depth=0: C=DE, ST=Rheinland-Pfalz, L=Montabaur, O=1&1 Mail & Media GmbH, CN=mout.gmx.com
LOG7[0]: CERT: Pre-verification succeeded
LOG6[0]: CERT: Host name "pop.gmx.com" matched with "pop.gmx.com"
LOG7[0]: OCSP: Waiting for OCSP stapling response
LOG5[0]: Certificate accepted at depth=0: C=DE, ST=Rheinland-Pfalz, L=Montabaur, O=1&1 Mail & Media GmbH, CN=mout.gmx.com
LOG7[0]: TLS state (connect): SSLv3/TLS read server certificate
LOG7[0]: TLS state (connect): TLSv1.3 read server certificate verify
LOG7[0]: OCSP stapling: Client callback called
LOG3[0]: OCSP: No OCSP stapling response received
LOG7[0]: TLS state (connect): SSLv3/TLS read finished
LOG7[0]: TLS state (connect): SSLv3/TLS write change cipher spec
LOG7[0]: TLS state (connect): SSLv3/TLS write finished
LOG7[0]: 1 client connect(s) requested
LOG7[0]: 1 client connect(s) succeeded
LOG7[0]: 0 client renegotiation(s) requested
LOG7[0]: 0 session reuse(s)
LOG6[0]: TLS connected: new session negotiated
LOG6[0]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption)
LOG6[0]: Peer temporary key: X25519, 253 bits
LOG7[0]: Compression: null, expansion: null
LOG7[0]: TLS alert (read): warning: close notify
LOG6[0]: TLS closed (SSL_read)
LOG7[0]: Sent socket write shutdown
LOG6[0]: Read socket closed (readsocket)
LOG7[0]: Sending close_notify alert
LOG7[0]: TLS alert (write): warning: close notify
LOG6[0]: SSL_shutdown successfully sent close_notify alert
LOG5[0]: Connection closed: 58 byte(s) sent to TLS, 217 byte(s) sent to socket
LOG7[0]: Deallocating application specific data for session connect address
LOG7[0]: Remote descriptor (FD=16) closed
LOG7[0]: Local descriptor (FD=3) closed
LOG7[0]: Service [gmxpop] finished (0 left)


At debug level 3 which is default doesn't list much.
Just interesting. Don't know all details.
Assume similar under windows.


Just for info. With debug set to level 7 This is what a pop3 connection puts in secure log file. LOG5[ui]: stunnel 5.71 on x86_64-redhat-linux-gnu platform LOG5[ui]: Compiled/running with OpenSSL 3.0.9 30 May 2023 LOG5[ui]: Threading:PTHREAD Sockets:POLL,IPv6,SYSTEMD TLS:ENGINE,FIPS,OCSP,PSK,SNI LOG5[ui]: Reading configuration from file /etc/stunnel/stunnel.conf LOG5[ui]: UTF-8 byte order mark not detected LOG5[ui]: FIPS mode disabled LOG5[ui]: Configuration successful LOG7[0]: Service [gmxpop] started LOG7[0]: Setting local socket options (FD=3) LOG7[0]: Option TCP_NODELAY set on local socket LOG5[0]: Service [gmxpop] accepted connection from 127.0.0.1:60398 LOG6[0]: failover: priority, starting at entry #0 LOG6[0]: s_connect: connecting 212.227.17.171:995 LOG7[0]: s_connect: s_poll_wait 212.227.17.171:995: waiting 10 seconds LOG7[0]: FD=6 events=0x2001 revents=0x0 LOG7[0]: FD=16 events=0x2005 revents=0x0 LOG5[0]: s_connect: connected 212.227.17.171:995 LOG5[0]: Service [gmxpop] connected remote server from 192.168.10.100:56052 LOG7[0]: Setting remote socket options (FD=16) LOG7[0]: Option TCP_NODELAY set on remote socket LOG7[0]: Remote descriptor (FD=16) initialized LOG6[0]: SNI: sending servername: pop.gmx.com LOG6[0]: Peer certificate required LOG7[0]: TLS state (connect): before SSL initialization LOG7[0]: Initializing application specific data for session authenticated LOG7[0]: TLS state (connect): SSLv3/TLS write client hello LOG7[0]: TLS state (connect): SSLv3/TLS write client hello LOG7[0]: TLS state (connect): SSLv3/TLS read server hello LOG7[0]: TLS state (connect): TLSv1.3 read encrypted extensions LOG7[0]: Verification started at depth=2: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 LOG7[0]: CERT: Pre-verification succeeded LOG7[0]: OCSP: Ignoring the root certificate LOG6[0]: Certificate accepted at depth=2: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 LOG7[0]: Verification started at depth=1: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1 LOG7[0]: CERT: Pre-verification succeeded LOG6[0]: Certificate accepted at depth=1: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1 LOG7[0]: Verification started at depth=0: C=DE, ST=Rheinland-Pfalz, L=Montabaur, O=1&amp;1 Mail &amp; Media GmbH, CN=mout.gmx.com LOG7[0]: CERT: Pre-verification succeeded LOG6[0]: CERT: Host name &quot;pop.gmx.com&quot; matched with &quot;pop.gmx.com&quot; LOG7[0]: OCSP: Waiting for OCSP stapling response LOG5[0]: Certificate accepted at depth=0: C=DE, ST=Rheinland-Pfalz, L=Montabaur, O=1&amp;1 Mail &amp; Media GmbH, CN=mout.gmx.com LOG7[0]: TLS state (connect): SSLv3/TLS read server certificate LOG7[0]: TLS state (connect): TLSv1.3 read server certificate verify LOG7[0]: OCSP stapling: Client callback called LOG3[0]: OCSP: No OCSP stapling response received LOG7[0]: TLS state (connect): SSLv3/TLS read finished LOG7[0]: TLS state (connect): SSLv3/TLS write change cipher spec LOG7[0]: TLS state (connect): SSLv3/TLS write finished LOG7[0]: 1 client connect(s) requested LOG7[0]: 1 client connect(s) succeeded LOG7[0]: 0 client renegotiation(s) requested LOG7[0]: 0 session reuse(s) LOG6[0]: TLS connected: new session negotiated LOG6[0]: TLSv1.3 ciphersuite: TLS_AES_256_GCM_SHA384 (256-bit encryption) LOG6[0]: Peer temporary key: X25519, 253 bits LOG7[0]: Compression: null, expansion: null LOG7[0]: TLS alert (read): warning: close notify LOG6[0]: TLS closed (SSL_read) LOG7[0]: Sent socket write shutdown LOG6[0]: Read socket closed (readsocket) LOG7[0]: Sending close_notify alert LOG7[0]: TLS alert (write): warning: close notify LOG6[0]: SSL_shutdown successfully sent close_notify alert LOG5[0]: Connection closed: 58 byte(s) sent to TLS, 217 byte(s) sent to socket LOG7[0]: Deallocating application specific data for session connect address LOG7[0]: Remote descriptor (FD=16) closed LOG7[0]: Local descriptor (FD=3) closed LOG7[0]: Service [gmxpop] finished (0 left) At debug level 3 which is default doesn&#039;t list much. Just interesting. Don&#039;t know all details. Assume similar under windows.

mikes@guam.net

12
live preview
enter atleast 10 characters
WARNING: You mentioned %MENTIONS%, but they cannot see this message and will not be notified
Saving...
Saved
With selected deselect posts show selected posts
All posts under this topic will be deleted ?
Cancel
Delete
Pending draft ... Click to resume editing
Discard draft