Closed Bug 1366228 Opened 7 years ago Closed 7 years ago

"does not support the selected authentication method" since upgrading to 52.1.1 when using StartCom certificate

Categories

(Thunderbird :: Untriaged, defect)

Product:
Thunderbird
Component:
Untriaged
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: mmitar, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

After my Thunderbird upgraded to 52.1.1 from previous version (I think 51) I cannot anymore connect to my IMAP server. It returns "does not support the selected authentication method" notification.



Expected results:

Connect to my IMAP server.

Provide at least a better error message. It is really unclear what is happened.
I am using STARTTLS authentication method.
I am using StartSSL for my certificate:

        Issuer: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 1 DV Server CA
        Validity
            Not Before: Oct 28 13:03:20 2016 GMT
            Not After : Oct 28 13:03:20 2019 GMT

Is it possible that this is the issue? I know that they were removed from Firefox. Did the same thing happen for Thunderbird?
Yes, TB uses Mozilla core software also used by FF.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
But the error message is completely unhelpful. This should be a much better error message. Like: "Certificate invalid" or something. With an option to inspect the certificate, and add certificate exception.
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
There is also nothing in release notes about this?
See bug 1309707 and bug 1311832.

Reporter: Due to limited resources, we won't action this bug. People doing their own security configuration need to know what they're doing and keep up with the tech news, for example:
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Obviously, you diagnosed the problem yourself.

Personally I think that "does not support the selected authentication method" goes pretty close, although, no doubt, "Certificate distrusted/invalid" would be more helpful.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago7 years ago
Resolution: --- → WONTFIX
Summary: "does not support the selected authentication method" since upgrading to 52.1.1 → "does not support the selected authentication method" since upgrading to 52.1.1 when using StartCom certificate
You need to log in before you can comment on or make changes to this bug.