imap 2000 seems lacks the functionality which presents in stunnel and was used in the previos releases: validate client through locally installed sertificates. /usr/sbin/stunnel -v level verify peer certificate level 1 - verify peer certificate if present level 2 - require valid peer certificate always level 3 - verify peer with locally installed certificate The imap 2000 does not have an analogue of -v 3 to validate client sertificate
That appears to be a feature of stunnel, and we no longer use stunnel for imaps support as it is integrated into UW imap now. If you need that support, just continue using stunnel, although you may have to build your own imapd.