> So perhaps the new checks in 2.3.10/11 are blocking self signed > certificates, even with "TLS_REQCERT allow"? I also tried "never", > same result. Are you setting a TLS_CACERT to your self-signed CA? If not, I'd try that.