Open Bug 1149101 Opened 9 years ago Updated 2 years ago

[autoconfig] When automatically configuring new email accounts TLS should be preferred to STARTTLS

Categories

(Thunderbird :: Account Manager, defect)

31 Branch
x86_64
Linux
defect

Tracking

(Not tracked)

People

(Reporter: jason.leake, Unassigned)

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150321175551

Steps to reproduce:

Thunderbird 31.5
- Go to the left hand pane, which shows the email accounts and folders in them
- Right click on an email account, a new window will appear
- Go to the drop down menu at the bottom of the left hand column labelled Account Actions
- Select Add mail account...
- In the add mail account window which opens put in:
Account actions->Add mail account
- Put in any name, XXXXXX@runbox.com (or any random *runbox* address), any password
- Click continue in the bottom right hand of the add mail account window

The box will then be modified with Configuration found at email provider, and the configuration which was found. This bug relates to the line which says "Outgoing".



Actual results:

SMTP account setting is

Outgoing: SMTP, secure.runbox.com, STARTTLS

(runbox.com may be displayed if you don't have a runbox account set up already, but this doesn't matter)




Expected results:

SMTP account setting should choose TLS in preference to STARTTLS where both are offered by the SMTP server.

My email client offers both TLS and STARTTLS for SMTP. When I get Thunderbird to automatically probe it to find the settings when recreating the account in Thunderbird it offers me STARTTLS by default.

It should offer TLS by default if both are available because STARTTLS can be, and has been, subverted by ISPs who clear the STARTTLS flag in SMTP requests so that the mail is transferred unencrypted. See, for example, http://www.theregister.co.uk/2014/11/12/customers_email_encryption_stripped_out_by_isps/

Component: Untriaged → Account Manager
Summary: When automatically configuring new email accounts TLS should be preferred to STARTTLS → [autoconfig] When automatically configuring new email accounts TLS should be preferred to STARTTLS

Thunderbird uses the first "outgoingServer" section in the provider's "config-v1.1.xml", there's no problem with this (@see https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat#Multiple_servers).

Two solutions:
- SMTP with SSL should be added first in the autoconfig file, so it will have the priority
- never add an SMTP with STARTTLS entry

Thunderbird is not the problem here.
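
A check a provider could run on its own autoconfig file to apply the first solution above, as an added example that is not part of the original comment or of Thunderbird's code: it reports what a client that takes the first outgoingServer entry would get, and moves SSL entries to the front. The sample XML and host names are constructed; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the config-v1.1.xml layout; the host names are placeholders.
SAMPLE = """<clientConfig version="1.1">
  <emailProvider id="example.com">
    <outgoingServer type="smtp">
      <hostname>smtp.example.com</hostname><port>587</port>
      <socketType>STARTTLS</socketType>
    </outgoingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.example.com</hostname><port>465</port>
      <socketType>SSL</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""

RANK = {"SSL": 0, "STARTTLS": 1}  # anything else (e.g. "plain") sorts last

def socket_type(node):
    return (node.findtext("socketType") or "").strip().upper()

def outgoing_order(xml_text):
    """socketType of each outgoingServer, in the order a client reads them."""
    return [socket_type(n) for n in ET.fromstring(xml_text).iter("outgoingServer")]

def audit(xml_text):
    """Classify the file by what a first-entry-wins client would pick."""
    order = outgoing_order(xml_text)
    if not order:
        return "no-outgoing-server"
    if order[0] == "SSL":
        return "ok"
    if "SSL" in order:
        return "reorder"  # implicit TLS is offered but not listed first
    return "starttls-only" if order[0] == "STARTTLS" else "plaintext-first"

def prefer_implicit_tls(xml_text):
    """Return the XML with each provider's outgoingServer entries sorted SSL first."""
    root = ET.fromstring(xml_text)
    for provider in root.iter("emailProvider"):
        servers = provider.findall("outgoingServer")
        if not servers:
            continue
        pos = list(provider).index(servers[0])  # keep the block where it was
        for node in servers:
            provider.remove(node)
        # sorted() is stable, so entries with the same socketType keep their order
        for i, node in enumerate(sorted(servers, key=lambda n: RANK.get(socket_type(n), 2))):
            provider.insert(pos + i, node)
    return ET.tostring(root, encoding="unicode")
```
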

With no SRV records and ISPDB entries, Thunderbird still prefers to use STARTTLS for SMTP, POP3, and IMAP. This should really be changed to implicit TLS as default, as it is more secure and more performant than STARTTLS.

It would also be amazing if Thunderbird could prompt on old configurations to change from STARTTLS (or even plaintext!) to implicit TLS.
I guess many people did not change their configuration very often and they could benefit from that.

See Also: → 1656082
Status: UNCONFIRMED → NEW
Ever confirmed: true
Severity: normal → S3