Closed Bug 1579863 Opened 6 years ago Closed 6 years ago

does not support >TLSv1.0

Categories

(Calendar :: General, defect)

Product:
Calendar
Component:
General
Version:
Lightning 6.2.8
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: pille+mozilla+bugzilla, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.87 Safari/537.36

Steps to reproduce:

subscribe to caldav calendar on a server that only supports >=TLSv1.1

Actual results:

nothing.
server logs indicate SSL handshake failure
test with a different server that provides TLS1.0 succeeded.

Expected results:

calendar should be subscribed and synced.

Does the current Thunderbird 68 release with Lightning 7.0 (aka Lightning 68) show the same or different behavior?

Do you get any error messages reported in Thunderbird in menu Tools > Developer Tools > Error Console when subscribing to the calendar? You can set the advanced preferences "calendar.debug.log" or "calendar.debug.log.verbose" or both to true to get more information reported into Error Console if necessary.

Flags: needinfo?(pille+mozilla+bugzilla)

seems, my comment via email did not get through:

unfortunately there's still no upgrade path for v60.8 to v68 available
for me.

Lightning:There has been an error reading data for calendar: test.
However, this error is believed to be minor, so the program will attempt
to continue. Error code: READ_FAILED. Description:
calCalendarManager.js:984
Lightning:[calCachedCalendar] replay action failed: null,
uri=https://nextcloud.REDACTED, result=2147500037, operation=[xpconnect
wrapped calIOperation] calCachedCalendar.js:330

nothing more with increased verbosity/debug.

in the meantime, i figured out that this issue was based on a remote configuration error, so you may close this ticket.
i'll leave it open, because there was no helpful error message in diagnosing this issue, while there could have been one.
here's the background:

  • server provides multiple certificates (RSA, ECDSA)
  • ECDSA seems preferred by mozilla
  • OCSP stapling was only provided for RSA
    so it's ok to not setup a connection, if the cert status is not verified, but this reason should be presented to the user, either in direct dialog or log.
Flags: needinfo?(pille+mozilla+bugzilla)
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.