If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Disble insecure 3DES encryption in thunderbird SMIME

RESOLVED DUPLICATE of bug 1167857

Status

Thunderbird
Untriaged
RESOLVED DUPLICATE of bug 1167857
4 months ago
4 months ago

People

(Reporter: Ruben, Unassigned)

Tracking

45 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 months ago
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170509210144

Steps to reproduce:

I sent an email to myself, encrypted with an SMIME certificate.



Actual results:

The selected encryption for my email was 3DES which is broken.

On https://lapo.it/asn1js/ you can paste the encrypted email text and see the decrypted details (  for example https://mcaf.ee/fnt3kr )

There you find the string

    OBJECT IDENTIFIER1.2.840.113549.3.7des-EDE3-CBC

which shows that 3DES is used.






Expected results:

A secure encryption like aes, camelia, aria or  chacha20 shouldh have been selected to encrypt my mail body.
(Reporter)

Updated

4 months ago
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1167857
You need to log in before you can comment on or make changes to this bug.