Comment # 6 on bug 1207963 from 
If I use openssl to connect to my ISP I can see errors with MinProtocol TLSv1.2
and I succeed with TLSv1.1.

-----------------------------------------------------
With TLS.MinProtocol = TLSv1.2

# openssl s_client -connect  pop.actrix.co.nz:995
CONNECTED(00000003)
40B7E358697F0000:error:0A000102:SSL
routines:ssl_choose_client_version:unsupported
protocol:ssl/statem/statem_lib.c:1952:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 58 bytes and written 327 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

--------------------------------------------------------
With TLS.MinProtocol = TLSv1.1
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global
Root CA
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256
2022 CA1
verify return:1
depth=0 CN = *.actrix.co.nz
verify return:1
---
Certificate chain
 0 s:CN = *.actrix.co.nz
   i:C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022
CA1
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
   v:NotBefore: Dec  6 00:00:00 2022 GMT; NotAfter: Dec 23 23:59:59 2023 GMT
 1 s:C = US, O = "DigiCert, Inc.", CN = RapidSSL Global TLS RSA4096 SHA256 2022
CA1
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root
CA
   a:PKEY: rsaEncryption, 4096 (bit); sigalg: RSA-SHA256
   v:NotBefore: May  4 00:00:00 2022 GMT; NotAfter: Nov  9 23:59:59 2031 GMT
 2 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root
CA
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root
CA
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Nov 10 00:00:00 2006 GMT; NotAfter: Nov 10 00:00:00 2031 GMT
---
...
---
+OK Hello there.

---------------------------------------------

No idea who is at fault, my ISP, or openssl?

You are receiving this mail because: