Good morning and thank you so much for the reply. This is not a single server. It is installed on a web server which acts as an interface to send and receive e-mail from our mail server. Can't use sendmail anymore, as I discovered a few years ago I needed to specify relay for the web server IP in /etc/mail/access Config.php $domain = 'my.domain'; $imapServerAddress = 'myserver.mydomain'; $imapPort = 993; $useSendmail = false; $smtpServerAddress = 'myserver.mydomain'; /* $smtpPort = 465; */ $smtpPort = 587; $sendmail_path = '/usr/sbin/sendmail'; The problem with tarball install is that I'm concerned about dependencies, so to be honest, I'd prefer to use a "builtin", stable and proven version, for the moment. I have a docker with roundcube and it works fine whether I disable tls1 or not. Not sure if this helps. It has its own php version... Is it possible to change this in order to use tls 1.2? File: Deliver_SMTP.class.php if (($use_smtp_tls == true) and (check_php_version(4,3)) and (extension_loaded('openssl'))) { $stream = @fsockopen('tls://' . $host, $port, $errorNumber, $errorString); } else { $stream = @fsockopen($host, $port, $errorNumber, $errorString); Best regards. David -----Original Message----- From: Paul Lesniewski <paul@xxxxxxxxxxxxxxxx> Sent: 07 November 2022 22:34 To: Squirrelmail User Support Mailing List <squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx> Cc: David Carvalho <david@xxxxxxxxx> Subject: Re: force TLS1.1 or later > I'm using Squirrelmail 1.4.22-16 on an Oracle Linux 6 with PHP 5.3.3 > > It's running on old hardware so probably it won't be upgraded anytime > soon. > > Squirrelmail is working fine for many years, but I wanted to disable > TLS1 support in sendmail. As soon as I do it, I get "Can't open > Stream" error message. Changed port 465 to 587 but I get the same error. > > This PHP version supports TLS1.1 and 1.2, so, is there a way to "force" > squirrelmail to use these later protocols? SquirrelMail doesn't specifically ask for a TLS version, but it's possible the way it works with your PHP version may cause the downgrade. You'd have to give more details about your configuration to know where to start. That said, if this is a single-server solution, there is no reason for you to be encrypting connections to the same host. Setting that up (even if you have to create a custom port/local listener in sendmail that is non-encrypted) would likely be a more productive use of your time. What's more, you don't even need to be using SMTP to send outgoing mail at all: just configure SquirrelMail to use the sendmail command instead. If you run the configuration tool, it will walk you through doing so (save a copy of your main configuration file just in case). Also, you know that running a system that far out of date is risky and will contain known security vulnerabilities. For SquirrelMail's part, you can easily upgrade yourself by downloading a tarball of version 1.4.23-svn from our downloads page and install it in a parallel directory where you can test migrating your configuration and plugins over -- if it's lightly modified/configured, that probably won't cause too much trouble. -- Paul Lesniewski SquirrelMail Team Please support Open Source Software by donating to SquirrelMail! http://squirrelmail.org/donate_paul_lesniewski.php ----- squirrelmail-users mailing list Posting guidelines: http://squirrelmail.org/postingguidelines List address: squirrelmail-users@xxxxxxxxxxxxxxxxxxxxx List archives: http://news.gmane.org/gmane.mail.squirrelmail.user List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-users