K9 stopped sending via older SMTP server

I don’t send messages very often via K9.

Today I noticed that I cannot.

When I go to check the server settings, I get an SSL error.

Unfortunately I can’t copy and paste from it so here’s a screenshot.

I haven’t changed anything on the server. This must be due to some K9 update that was picked up.

The server cannot speak anything beyond TLS 1.0.

K9 version is 6.804

Wow. TLS 1.0/1.1 was deprecated in 2021 due to age and known issues. Is this your server? Or a server you are paying for? (if so, contact them and bring them up to TLS 1.2 or TLS 1.3).

1 Like

It is my SMTP server.

Sounds like it’s time for an update then :wink:

1 Like

It is not updateable, unfortunately.

Is there some setting inside K9 to enable the older TLS?

No. K-9 Mail uses the TLS implementation that ships with Android.

3 Likes

It is time to replace it then. If you can replace it with something that can be updated in place, it makes keeping the server patched a lot easier.

1 Like

It looks like this boringssl is an external dependency that is provided by Android itself? I don’t suspect K9 did anything; it may be that an update to that component occurred.

If the server is under your control and you cannot or don’t want to update the MTA, you could use a reverse proxy as a downgrade proxy.

E.g., nginx with TLS 1.3 on the ingress side and then TLS 1.0 or 1.1 on the internal end.

A reverse proxy is what I used for migrating off the old web server. That’s very handy. Applications on the old web server can be made to look like they’re on the new server which terminates the HTTPS connections.

It doesn’t seem like something that would work for SMTP and IMAP4?!

Anyway, I just set up plain text connecting with CRAM-MD5 auth for both incoming and outgoing, so everything’s working.

SMTP is a text-based protocol very similar to HTTP. nginx does not care whether the connection is HTTP, SMTP or even Telnet. It will just do its job so long as it is able to apply rules to the traffic. Worst case, just create a *-rule that applies to all traffic.

If you are unhappy with what nginx does with your MTA, try Traefik.

1 Like
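A sketch of the downgrade proxy suggested above, for the implicit-TLS ports only (465 for SMTPS, 993 for IMAPS). This is an added example, not configuration from any poster in this thread; the hostname, address and certificate paths are placeholders, and it assumes an nginx built with the stream and stream SSL modules, linked against an OpenSSL that still permits TLS 1.0.

```nginx
# Added example: TLS bridge in front of a legacy mail server.
# Placeholders: mail.example.org, 192.0.2.10, certificate paths.
# This block belongs at the top level of nginx.conf, not inside http {}.
stream {
    upstream legacy_smtps { server 192.0.2.10:465; }
    upstream legacy_imaps { server 192.0.2.10:993; }

    # Client-facing side: only modern TLS is offered to the phone.
    ssl_certificate     /etc/nginx/tls/mail.example.org.crt;
    ssl_certificate_key /etc/nginx/tls/mail.example.org.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Internal side: re-encrypt towards the old server with TLS 1.0.
    proxy_ssl           on;
    proxy_ssl_protocols TLSv1;
    # Assumption: the linked OpenSSL refuses TLS 1.0 at its default
    # security level, so the level is lowered for this hop only.
    proxy_ssl_ciphers   DEFAULT:@SECLEVEL=0;
    # proxy_ssl_verify is off by default: the legacy hop is encrypted
    # but not authenticated, so keep it on a trusted network segment.

    proxy_connect_timeout 10s;

    server {
        listen 465 ssl;          # SMTPS (implicit TLS)
        proxy_pass legacy_smtps;
    }

    server {
        listen 993 ssl;          # IMAPS (implicit TLS)
        proxy_pass legacy_imaps;
    }
}
```

The stream module only terminates TLS that begins with the connection, so STARTTLS on ports 587 or 143 is not handled by this configuration. The legacy server sees every session as coming from the proxy's address, so it must keep requiring authentication rather than trusting that address as a relay source.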

As has been pointed out, it’s not possible. All you can do is disable TLS. Android refuses to connect with 1.0 or earlier, which is annoying as the vulnerability didn’t exist until introduced with 1.0 - earlier releases have remained secure. Google imposed this nonsense on STARTTLS connections a few years ago too.

Disabling TLS is obviously risky if anyone can see your traffic, but if you’re on your own LAN or can use a VPN it’s not such a big deal (adding you know what you’re doing).

You can use Fairemail, it has no dependencies on boringssl.
I’m in the same situation as you; after K-9 started failing to connect, I switched to Fairemail.
It doesn’t look like K-9 will implement its own SSL libraries in the future, so it forces me to switch to Fairemail.