Closed
Bug 1361411
Opened 7 years ago
Closed 6 years ago
starttls failed unknown reason
Categories
(Thunderbird :: Security, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: makarov, Unassigned)
Details
Attachments
(1 file)
95.27 KB,
image/jpeg
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 Steps to reproduce: 1. Create new account (Exchange server mailbox) with STARTTLS enabled and clear text password. 2. Try send new mail. Actual results: Got "Sending of the message failed" error. I've attached screen with wireshark dump of this session. after connection established thunderbird just close session. Logs from server: 2017-05-02T14:35:54.624Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,0,192.168.11.142:587,91.240.75.140:49336,+,, 2017-05-02T14:35:54.624Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,1,192.168.11.142:587,91.240.75.140:49336,*,None,Set Session Permissions 2017-05-02T14:35:54.624Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,2,192.168.11.142:587,91.240.75.140:49336,>,"220 smtp.********.ru Microsoft ESMTP MAIL Service ready at Tue, 2 May 2017 17:35:53 +0300", 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,3,192.168.11.142:587,91.240.75.140:49336,<,EHLO [172.17.80.22], 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,4,192.168.11.142:587,91.240.75.140:49336,*,None,Set Session Permissions 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,5,192.168.11.142:587,91.240.75.140:49336,>,250-smtp.********.ru Hello [91.240.75.140], 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,6,192.168.11.142:587,91.240.75.140:49336,>,250-SIZE 52428800, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,7,192.168.11.142:587,91.240.75.140:49336,>,250-PIPELINING, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,8,192.168.11.142:587,91.240.75.140:49336,>,250-DSN, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,9,192.168.11.142:587,91.240.75.140:49336,>,250-ENHANCEDSTATUSCODES, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,10,192.168.11.142:587,91.240.75.140:49336,>,250-STARTTLS, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,11,192.168.11.142:587,91.240.75.140:49336,>,250-AUTH GSSAPI NTLM, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,12,192.168.11.142:587,91.240.75.140:49336,>,250-8BITMIME, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,13,192.168.11.142:587,91.240.75.140:49336,>,250-BINARYMIME, 2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,14,192.168.11.142:587,91.240.75.140:49336,>,250 CHUNKING, 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,15,192.168.11.142:587,91.240.75.140:49336,<,STARTTLS, 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,16,192.168.11.142:587,91.240.75.140:49336,>,220 2.0.0 SMTP server ready, 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,17,192.168.11.142:587,91.240.75.140:49336,*,,Sending certificate 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,18,192.168.11.142:587,91.240.75.140:49336,*,"CN=smtp.********.ru, C=RU",Certificate subject 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,19,192.168.11.142:587,91.240.75.140:49336,*,"CN=StartCom Class 1 DV Server CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL",Certificate issuer name 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,20,192.168.11.142:587,91.240.75.140:49336,*,6*******************357,Certificate serial number 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,21,192.168.11.142:587,91.240.75.140:49336,*,C********************CE6F,Certificate thumbprint 2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,22,192.168.11.142:587,91.240.75.140:49336,*,smtp.********.ru,Certificate alternate names 2017-05-02T14:35:54.733Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,23,192.168.11.142:587,91.240.75.140:49336,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits, MAC hash algorithm CALG_SHA1 with strength 160 bits and key exchange algorithm CALG_ECDHE with strength 384 bits" 2017-05-02T14:35:54.733Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,24,192.168.11.142:587,91.240.75.140:49336,-,,Local Debug logs from client: 2017-05-02 15:32:06.664000 UTC - 1508[a12140]: SMTP Connecting to: smtp.******.ru 2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP Response: 220 smtp.******.ru Microsoft ESMTP MAIL Service ready at Tue, 2 May 2017 18:32:10 +0300 2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP entering state: 14 2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP Send: EHLO [172.17.80.22] 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-smtp.******.ru Hello [91.240.75.140] 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-SIZE 52428800 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-PIPELINING 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-DSN 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-ENHANCEDSTATUSCODES 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-STARTTLS 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-AUTH GSSAPI NTLM 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-8BITMIME 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-BINARYMIME 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250 CHUNKING 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 4 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 21 2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Send: STARTTLS 2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP entering state: 0 2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP Response: 220 2.0.0 SMTP server ready 2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP entering state: 19 2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP entering state: 14 2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP Send: EHLO [172.17.80.22] (if i use connection without encryption just with NTLM auth - all work fine, on old versions - 38? all works fine too). Expected results: Message must be sent :)
Comment 1•7 years ago
|
||
> (if i use connection without encryption just with NTLM auth - all work fine, on old versions - 38? all works fine too)
So version 38 and 45 are fine but 52 is not fine?
Component: Untriaged → Security
Flags: needinfo?(makarov)
Reporter | ||
Comment 2•7 years ago
|
||
Thunderbird 52 - problem exists. Thunderbird 38 - all works fine.
Flags: needinfo?(makarov)
Comment 3•6 years ago
|
||
(In reply to Dmitry McArov from comment #2) > Thunderbird 52 - problem exists. > Thunderbird 38 - all works fine. Does it also fail in 60 from http://www.mozilla.org/en-US/thunderbird/channel/
Flags: needinfo?(makarov)
Reporter | ||
Updated•6 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•