Closed Bug 1361411 Opened 7 years ago Closed 6 years ago

starttls failed unknown reason

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: makarov, Unassigned)

Details

Attachments

(1 file)

tb.jpg
95.27 KB, image/jpeg
Details
Attached image tb.jpg 
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36

Steps to reproduce:

1. Create new account (Exchange server mailbox) with STARTTLS enabled and clear text password.
2. Try send new mail.


Actual results:

Got "Sending of the message failed" error.
I've attached screen with wireshark dump of this session. after connection established thunderbird just close session.
Logs from server:
2017-05-02T14:35:54.624Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,0,192.168.11.142:587,91.240.75.140:49336,+,,
2017-05-02T14:35:54.624Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,1,192.168.11.142:587,91.240.75.140:49336,*,None,Set Session Permissions
2017-05-02T14:35:54.624Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,2,192.168.11.142:587,91.240.75.140:49336,>,"220 smtp.********.ru Microsoft ESMTP MAIL Service ready at Tue, 2 May 2017 17:35:53 +0300",
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,3,192.168.11.142:587,91.240.75.140:49336,<,EHLO [172.17.80.22],
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,4,192.168.11.142:587,91.240.75.140:49336,*,None,Set Session Permissions
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,5,192.168.11.142:587,91.240.75.140:49336,>,250-smtp.********.ru Hello [91.240.75.140],
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,6,192.168.11.142:587,91.240.75.140:49336,>,250-SIZE 52428800,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,7,192.168.11.142:587,91.240.75.140:49336,>,250-PIPELINING,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,8,192.168.11.142:587,91.240.75.140:49336,>,250-DSN,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,9,192.168.11.142:587,91.240.75.140:49336,>,250-ENHANCEDSTATUSCODES,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,10,192.168.11.142:587,91.240.75.140:49336,>,250-STARTTLS,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,11,192.168.11.142:587,91.240.75.140:49336,>,250-AUTH GSSAPI NTLM,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,12,192.168.11.142:587,91.240.75.140:49336,>,250-8BITMIME,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,13,192.168.11.142:587,91.240.75.140:49336,>,250-BINARYMIME,
2017-05-02T14:35:54.639Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,14,192.168.11.142:587,91.240.75.140:49336,>,250 CHUNKING,
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,15,192.168.11.142:587,91.240.75.140:49336,<,STARTTLS,
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,16,192.168.11.142:587,91.240.75.140:49336,>,220 2.0.0 SMTP server ready,
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,17,192.168.11.142:587,91.240.75.140:49336,*,,Sending certificate
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,18,192.168.11.142:587,91.240.75.140:49336,*,"CN=smtp.********.ru, C=RU",Certificate subject
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,19,192.168.11.142:587,91.240.75.140:49336,*,"CN=StartCom Class 1 DV Server CA, OU=StartCom Certification Authority, O=StartCom Ltd., C=IL",Certificate issuer name
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,20,192.168.11.142:587,91.240.75.140:49336,*,6*******************357,Certificate serial number
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,21,192.168.11.142:587,91.240.75.140:49336,*,C********************CE6F,Certificate thumbprint
2017-05-02T14:35:54.702Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,22,192.168.11.142:587,91.240.75.140:49336,*,smtp.********.ru,Certificate alternate names
2017-05-02T14:35:54.733Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,23,192.168.11.142:587,91.240.75.140:49336,*,,"TLS protocol SP_PROT_TLS1_2_SERVER negotiation succeeded using bulk encryption algorithm CALG_AES_256 with strength 256 bits, MAC hash algorithm CALG_SHA1 with strength 160 bits and key exchange algorithm CALG_ECDHE with strength 384 bits"
2017-05-02T14:35:54.733Z,LFEXT02\Client Frontend LFEXT02,08D4915A1F6F31D1,24,192.168.11.142:587,91.240.75.140:49336,-,,Local


Debug logs from client:
2017-05-02 15:32:06.664000 UTC - 1508[a12140]: SMTP Connecting to: smtp.******.ru
2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP Response: 220 smtp.******.ru Microsoft ESMTP MAIL Service ready at Tue, 2 May 2017 18:32:10 +0300
2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP entering state: 14
2017-05-02 15:32:06.692000 UTC - 1508[a12140]: SMTP Send: EHLO [172.17.80.22]

2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-smtp.******.ru Hello [91.240.75.140]
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-SIZE 52428800
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-PIPELINING
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-DSN
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-ENHANCEDSTATUSCODES
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-STARTTLS
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-AUTH GSSAPI NTLM
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-8BITMIME
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250-BINARYMIME
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Response: 250 CHUNKING
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 4
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP entering state: 21
2017-05-02 15:32:06.749000 UTC - 1508[a12140]: SMTP Send: STARTTLS

2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP entering state: 0
2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP Response: 220 2.0.0 SMTP server ready
2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP entering state: 19
2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP entering state: 14
2017-05-02 15:32:06.763000 UTC - 1508[a12140]: SMTP Send: EHLO [172.17.80.22]

(if i use connection without encryption just with NTLM auth - all work fine, on old versions - 38? all works fine too).


Expected results:

Message must be sent :)
> (if i use connection without encryption just with NTLM auth - all work fine, on old versions - 38? all works fine too)

So version 38 and 45 are fine but 52 is not fine?
Component: Untriaged → Security
Flags: needinfo?(makarov)
Thunderbird 52 - problem exists.
Thunderbird 38 - all works fine.
Flags: needinfo?(makarov)
(In reply to Dmitry McArov from comment #2)
> Thunderbird 52 - problem exists.
> Thunderbird 38 - all works fine.

Does it also fail in 60 from http://www.mozilla.org/en-US/thunderbird/channel/
Flags: needinfo?(makarov)
Problem fixed.
Flags: needinfo?(makarov)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: