bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

[autoconfig] When automatically configuring new email accounts TLS should be preferred to STARTTLS



Account Manager
3 years ago
2 years ago


(Reporter: Jason Leake, Unassigned)


31 Branch

Firefox Tracking Flags

(Not tracked)




3 years ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150321175551

Steps to reproduce:

Thunderbird 31.5
- Go to the left hand pane, which shows the email accounts and folders in them
- Right click on an email account, a new window will appear
- Go to the drop down menu at the bottom of the left hand column labelled Account Actions
- Select Add mail account...
- In the add mail account window which opens put in:
Account actions->Add mail account
- Put in any name, XXXXXX@runbox.com (or any random *runbox* address), any password
click continue in the bottom right hand of the add mail account window

The box will then be modified with Configuration found at email provider, and the configuration which was found. This bug relates to the line which says "Outgoing".

Actual results:

SMTP account setting  is 

Outgoing: SMTP, secure.runbox.com, STARTTLS

(runbox.com may be displayed if you don't have a runbox account set up already, but this doesn't matter)

Expected results:

SMTP account setting should choose TLS in preference to STARTTLS where both are offered by the SMTP server.

My email client offers both TLS and STARTTLS for SMTP. When I get Thunderbird to automatically probe it to find the settings when recreating the account in Thunderbird it offers me STARTTLS by default.

It should offer TLS by default if both are available because STARTTLS can, and has been, subverted by ISPs who clear the STARTTLS flag in SMTP requests so that the mail is transferred unencrypted. See, for example, http://www.theregister.co.uk/2014/11/12/customers_email_encryption_stripped_out_by_isps/


3 years ago
Component: Untriaged → Account Manager
Summary: When automatically configuring new email accounts TLS should be preferred to STARTTLS → [autoconfig] When automatically configuring new email accounts TLS should be preferred to STARTTLS

Comment 1

2 years ago
Thunderbird uses the first "outgoingServer" section in the provider's "config-v1.1.xml", there's no problem with this (@see https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat#Multiple_servers).

Two solutions:
- SMTP with SSL should be added first in the autoconfig file, so it will have the priority
- never add an SMTP with STARTTLS entry

Thunderbird is not the problem here.
You need to log in before you can comment on or make changes to this bug.