Closed Bug 1457575 Opened 6 years ago Closed 6 years ago

No error given when DH primes are too short

Categories

(Thunderbird :: Security, defect)

Product:
Thunderbird
Component:
Security
Version:
52 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1187797

People

(Reporter: randy, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Build ID: 20180405092205

Steps to reproduce:

Fedora is tightening its security policy[0] to require 2048 bit DH primes in the upcoming Fedora 28 release. Thunderbird does not give an error message when it encounters a server with primes shorter than the crypto policy allows, which makes it difficult to debug. I hit this problem and Thunderbird didn't give any indication that there were errors, it just didn't show me e-mails from my IMAP server. It didn't even indicate that it wasn't connecting to the IMAP server. I ended up using Evolution to see that it was weak DH keys on the server. Can we get Thunderbird to give an error message when this happens?

I originally reported this at https://bugzilla.mozilla.org/show_bug.cgi?id=1185060#c13


[0] https://fedoraproject.org/wiki/Changes/StrongCryptoSettings
Component: Untriaged → Security
See Also: → 1185060
Sounds like duplicatre of 1187797
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
See Also: 1185060
You need to log in before you can comment on or make changes to this bug.