I have been able to connect to pop.xs4all.nl with The Bat! version 8.3. Here is the log:
23.03.2018, 18:57:10: FETCH - receiving mail messages
23.03.2018, 18:57:10: FETCH - Connecting to POP3 server pop.xs4all.nl on port 995
23.03.2018, 18:57:10: FETCH - Initiating TLS handshake
>23.03.2018, 18:57:10: FETCH - Certificate S/N: 0493EF61A34F0A959C13663FDCB9D95997BD, algorithm: RSA (4096 bits), issued from 2/12/2018 12:35:29 PM to 5/13/2018 12:35:29 PM, for 8 host(s): pop.xs4all.nl, mail.xs4all.nl, pop-ipv4.xs4all.nl, pop-ipv6.xs4all.nl, pop3.cistron.nl, pop3.demon.nl, pop3.xs4all.nl, pops.xs4all.nl.
>23.03.2018, 18:57:10: FETCH - Owner: "pop.xs4all.nl".
>23.03.2018, 18:57:10: FETCH - Issuer: "US", "Let's Encrypt", "Let's Encrypt Authority X3". Valid from 3/17/2016 4:40:46 PM to 3/17/2021 4:40:46 PM.
>23.03.2018, 18:57:10: FETCH - Root: "Digital Signature Trust Co.", "DST Root CA X3". Valid from 9/30/2000 9:12:19 PM to 9/30/2021 2:01:15 PM.
23.03.2018, 18:57:10: FETCH - TLS handshake complete
23.03.2018, 18:57:10: FETCH - connected to POP3 server
The error message "The certificate cannot be used for this purpose" that The Bat! gave in the above messages means that the certificate was good but have not been issued for this purpose. If a certificate has an "extended key usage" property (extKeyUsage), than, for a server like a POP3 server there should be "serverAuth" purpose included. If there is just a basic "key usage" property in the certificate, it should have ("keyEncipherment" or "ku_keyAgreement") AND (digitalSignature).
So the problem is not with the elliptic curves but with a key usage. Could you please post us a link where we can download and see this EC certificate?
23.03.2018, 18:57:10: FETCH - receiving mail messages
23.03.2018, 18:57:10: FETCH - Connecting to POP3 server pop.xs4all.nl on port 995
23.03.2018, 18:57:10: FETCH - Initiating TLS handshake
>23.03.2018, 18:57:10: FETCH - Certificate S/N: 0493EF61A34F0A959C13663FDCB9D95997BD, algorithm: RSA (4096 bits), issued from 2/12/2018 12:35:29 PM to 5/13/2018 12:35:29 PM, for 8 host(s): pop.xs4all.nl, mail.xs4all.nl, pop-ipv4.xs4all.nl, pop-ipv6.xs4all.nl, pop3.cistron.nl, pop3.demon.nl, pop3.xs4all.nl, pops.xs4all.nl.
>23.03.2018, 18:57:10: FETCH - Owner: "pop.xs4all.nl".
>23.03.2018, 18:57:10: FETCH - Issuer: "US", "Let's Encrypt", "Let's Encrypt Authority X3". Valid from 3/17/2016 4:40:46 PM to 3/17/2021 4:40:46 PM.
>23.03.2018, 18:57:10: FETCH - Root: "Digital Signature Trust Co.", "DST Root CA X3". Valid from 9/30/2000 9:12:19 PM to 9/30/2021 2:01:15 PM.
23.03.2018, 18:57:10: FETCH - TLS handshake complete
23.03.2018, 18:57:10: FETCH - connected to POP3 server
The error message "The certificate cannot be used for this purpose" that The Bat! gave in the above messages means that the certificate was good but have not been issued for this purpose. If a certificate has an "extended key usage" property (extKeyUsage), than, for a server like a POP3 server there should be "serverAuth" purpose included. If there is just a basic "key usage" property in the certificate, it should have ("keyEncipherment" or "ku_keyAgreement") AND (digitalSignature).
So the problem is not with the elliptic curves but with a key usage. Could you please post us a link where we can download and see this EC certificate?