"does not support the selected authentication method" since upgrading to 52.1.1 when using StartCom certificate

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
a year ago
a year ago

People

(Reporter: mmitar, Unassigned)

Tracking

52 Branch

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170504105526

Steps to reproduce:

After my Thunderbird upgraded to 52.1.1 from previous version (I think 51) I cannot anymore connect to my IMAP server. It returns "does not support the selected authentication method" notification.



Expected results:

Connect to my IMAP server.

Provide at least a better error message. It is really unclear what is happened.
(Reporter)

Comment 1

a year ago
I am using STARTTLS authentication method.
(Reporter)

Comment 2

a year ago
I am using StartSSL for my certificate:

        Issuer: C=IL, O=StartCom Ltd., OU=StartCom Certification Authority, CN=StartCom Class 1 DV Server CA
        Validity
            Not Before: Oct 28 13:03:20 2016 GMT
            Not After : Oct 28 13:03:20 2019 GMT

Is it possible that this is the issue? I know that they were removed from Firefox. Did the same thing happen for Thunderbird?

Comment 3

a year ago
Yes, TB uses Mozilla core software also used by FF.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID
(Reporter)

Comment 4

a year ago
But the error message is completely unhelpful. This should be a much better error message. Like: "Certificate invalid" or something. With an option to inspect the certificate, and add certificate exception.
(Reporter)

Updated

a year ago
Status: RESOLVED → UNCONFIRMED
Resolution: INVALID → ---
(Reporter)

Comment 5

a year ago
There is also nothing in release notes about this?

Comment 6

a year ago
See bug 1309707 and bug 1311832.

Reporter: Due to limited resources, we won't action this bug. People doing their own security configuration need to know what they're doing and keep up with the tech news, for example:
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Obviously, you diagnosed the problem yourself.

Personally I think that "does not support the selected authentication method" goes pretty close, although, no doubt, "Certificate distrusted/invalid" would be more helpful.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year agoa year ago
Resolution: --- → WONTFIX
Summary: "does not support the selected authentication method" since upgrading to 52.1.1 → "does not support the selected authentication method" since upgrading to 52.1.1 when using StartCom certificate

Updated

a year ago
Duplicate of this bug: 1366630
You need to log in before you can comment on or make changes to this bug.