User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:54.0) Gecko/20100101 Firefox/54.0
Build ID: 20170613080547

Steps to reproduce:
Start Thunderbird, attempt to get email. Been using Thunderbird for 15yrs. Worked fine up until April 23. Been waiting on V52 hoping things got fixed. Didn't get fixed, so reporting this now.

Actual results:
No logon prompt. Performed Wireshark capture of both Thunderbird TLS handshake & Firefox TLS handshake to same server. Firefox TLS Client Hello is fine & FF connects fine. Thunderbird starting with v50.1? & now 52.2.0_x64 both fail to include "server_name" and "ALPN" extension in Client Hello.
OS=Fedora25(4.11.6-201.fc25.x86_64), nss-3.30.2-1.1.fc25, firefox-54.0-2.fc25, thunderbird-52.2.0-1.fc25

Expected results:
Logon prompt should have come up after successful TLS negotiation.
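Added example, not part of the original report and not Mozilla code: a small Python parser that reports whether a captured ClientHello record carries the server_name (type 0) and ALPN (type 16) extensions, the comparison the reporter made by eye in Wireshark. The two sample records, the host name `mail.example.test` and the ALPN value `imap` are constructed for the demo, and the parser assumes the ClientHello fits in a single TLS record.

```python
import struct
SERVER_NAME, ALPN, RENEG_INFO = 0, 16, 0xFF01   # IANA TLS ExtensionType values

def client_hello_extensions(record):
    """Return {extension_type: data} for one TLS record carrying a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:5 + struct.unpack("!H", record[3:5])[0]]  # drop both headers
    try:
        pos = 35 + body[34]              # version(2) + random(32) + session_id
        pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + body[pos]             # compression_methods
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if pos + 2 > len(body):              # a hello with no extensions block is legal
        return {}
    exts, end = {}, min(len(body), pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0])
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts

def sni_and_alpn(record):
    """Return (server_name or None, [ALPN protocol names]) for a ClientHello."""
    exts, host, protos = client_hello_extensions(record), None, []
    d = exts.get(SERVER_NAME, b"")
    if len(d) >= 5:                  # list_len(2) name_type(1) name_len(2) name
        host = d[5:5 + struct.unpack("!H", d[3:5])[0]].decode("ascii", "replace")
    d, i = exts.get(ALPN, b""), 2    # list_len(2), then len(1)+name entries
    while i < len(d):
        protos.append(d[i + 1:i + 1 + d[i]].decode("ascii", "replace"))
        i += 1 + d[i]
    return host, protos

def ext(etype, data):
    return struct.pack("!HH", etype, len(data)) + data

def build_hello(extensions):  # constructed sample: TLS 1.2, zero random, one suite
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    body += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

HOST = b"mail.example.test"          # constructed placeholder name
SNI = struct.pack("!HBH", len(HOST) + 3, 0, len(HOST)) + HOST
WITH_EXTS = build_hello(ext(SERVER_NAME, SNI) + ext(ALPN, b"\x00\x05\x04imap"))
WITHOUT_EXTS = build_hello(ext(RENEG_INFO, b"\x00"))   # hello lacking SNI and ALPN
```

To use it on a real capture, pass the raw bytes of the TLS record (starting at the 0x16 content-type byte) exported from the packet to `sni_and_alpn`.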
What version of TLS is being negotiated?
Component: Untriaged → Security
ha, my bad, the version is in the summary. ref https://bugzilla.mozilla.org/show_bug.cgi?id=1361411
I discovered a temp workaround...

I had gone into Edit->Preferences, Advanced, General, Config Editor and changed:
  require_safe_negotiation true
  treat_unsafe_negotiation_as_broken true
  OCSP.enabled true
  OCSP.GET.enabled true
  OCSP.require true
  enable_ocsp_stapling true
  tls.version.min 3(TLS1.2)
  tls.version.max 4
  ecdhe_ecdsa_aes_128_gcm_sha256 true
  ecdhe_rsa_aes_128_gcm_sha256 true
and disabled:
  security.ssl3.dhe_rsa_aes_128_sha
  security.ssl3.dhe_rsa_aes_256_sha
  security.ssl3.dhe_rsa_des_ede3_sha
  security.ssl3.ecdhe_ecdsa_aes_128_sha
  security.ssl3.ecdhe_ecdsa_aes_256_sha
  security.ssl3.ecdhe_rsa_aes_128_sha
  security.ssl3.ecdhe_rsa_aes_256_sha
  security.ssl3.ecdhe_rsa_des_ede3_sha
  security.ssl3.rsa_aes_256_sha
  security.ssl3.rsa_des_ede3_sha
  security.ssl3.rsa_aes_256_sha
because they are broken.
------
I changed those settings back to:
  tls.version.min 1(TLS1.0) ****BAD***
and it works now.

This seems like it's still a bug. The workaround is to disable security, not a great workaround. I had moved over to Evolution because this bug was so long lived. Looks like it's still not fixed in Fedora 26 Thunderbird 52.3. Let me know when it's fixed.
Summary: TLS 1.2 client Hello from Thunderbird v50 & v52.2 missing "server-name" and "ALPN" extensions. Firefox works fine → TLS 1.2 client Hello in Thunderbird v50, v52.2, v52.3 missing "server-name" and "ALPN" extensions. Firefox works fine
Andy, Can you test the beta from http://www.mozilla.org/en-US/thunderbird/channel/ ?
Summary: TLS 1.2 client Hello in Thunderbird v50, v52.2, v52.3 missing "server-name" and "ALPN" extensions. Firefox works fine → TLS 1.2 client Hello in Thunderbird v50, v52.2, v52.3 missing "server-name" and "ALPN" extensions in Client Hello. Firefox works fine