On Wed, Jul 08, 2020 at 05:12:20AM -0400, Gene Heskett wrote: > As a 2 decade user of fetchmail/procmail combo, I just updated to stretch > backports, but did not get a TLSv1.3, so when I configure the newest > fetchmail, I don't get ssl3 support.
Er... what? This question doesn't make any sense. I can't figure out whether you're asking for a *newer* library or an *older* library than what you have right now. TLS 1.3 is very new, and is not assumed to be present by most applications. SSL 3 is extremely old, and has well-known exploited holes. My first Google hit for SSL 3 is a refernce to the POODLE exploit from 2014. <https://blog.qualys.com/ssllabs/2014/10/15/ssl-3-is-dead-killed-by-the-poodle-attack> Are you *really* trying to use SSL 3, because that's what you configured the other end to use, "2 decades" ago? If so, it is time to stop doing that. Upgrade *both* ends to use currently supported, non-vulnerable TLS protocols. At this point, TLS 1.2 is your most likely target.
