Closed Bug 1364568 Opened 7 years ago Closed 7 years ago

Disble insecure 3DES encryption in thunderbird SMIME

Categories

(Thunderbird :: Untriaged, defect)

Product:
Thunderbird
Component:
Untriaged
Version:
45 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1167857

People

(Reporter: mozilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170509210144

Steps to reproduce:

I sent an email to myself, encrypted with an SMIME certificate.



Actual results:

The selected encryption for my email was 3DES which is broken.

On https://lapo.it/asn1js/ you can paste the encrypted email text and see the decrypted details (  for example https://mcaf.ee/fnt3kr )

There you find the string

    OBJECT IDENTIFIER1.2.840.113549.3.7des-EDE3-CBC

which shows that 3DES is used.






Expected results:

A secure encryption like aes, camelia, aria or  chacha20 shouldh have been selected to encrypt my mail body.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.