Closed Bug 1873646 Opened 8 months ago Closed 8 months ago

TLS certificate errors are not managed very well

Categories

(Calendar :: Dialogs, defect)

Product:
Calendar
Component:
Dialogs
Version:
Thunderbird 115
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1728968

People

(Reporter: git, Unassigned)

Details

Attachments

(1 file)

Screenshot of Thunderbird TLS error exception dialog.png
54.49 KB, image/png
Details

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0

Steps to reproduce:

Connect to a public wifi with a captive portal.
Start Thunderbird with a remote calendar configured.

Actual results:

Calendar / Lightning throws a (many) TLS certificate error pop up window(s) that has(have) multiple issues:

  • By default, it encourages the user to accept whatever random certificate is presented to it. Adding insult to injury, it wants to do so permanently. This is very much classified as Not Good™ in terms of security.

  • It can open tens and tens of pop up windows, which the user then needs to close manually. Most users won't know that they can just press the escape key on their keyboard to close the pop up window quickly, and so will have to click manually. Some users might not even realise that their clicking actions are doing anything, because there are so many pop up windows to close, and think Thunderbird has simply frozen / is broken.

Expected results:

The warning should be less intrusive. A toast-like pop-up in a corner of the Thunderbird frontend would be nicer. Something that would allow to learn more, ignore or, as in Firefox, if you know what you are doing accept the wrong certificate.

In no way should the default choice be to accept permanently.

Only one notification should be shown. It could show a count of retries and number of TLS errors, but it should not create a new warning for each.

Ideally, the calendar itself (and the Today Pane) should change visually to reflect the error. This sounds harder to pull off (change colour? saturation? how to deal with accessibility then?).

TLS certificate errors are hard to present to users in a helpful way. But i'm sure we can do better here :)

Status: UNCONFIRMED → RESOLVED
Closed: 8 months ago
Duplicate of bug: 1728968
Resolution: --- → DUPLICATE

Sorry, but this is not a duplicate of bug 1728968. That bug is about creating multiple pop-ups and managing captive portal gated connections poorly.

This bug as bout the language used and the very poor security behaviour encouraged by Thunderbird.

To reiterate: In no way should the default choice be to accept permanently an exceptionfor bad TLS certificates. This is what Firefox has moved to: you need to actively decide to accept a bad cert in Firefox.

Having only one pop-up on certificate error would be a huge improvement, but we also need to do better in explaining to users what is happening and why they most probably shouldn't accept a random actor's fake certificate masquerading as their email or calendar provider's legitimate proof of identity.

Please re-open :)

Screenshot on the Bad Decisions™ the TLS security exception dialog encourages users to make.

Hello, could we please reopen this bug?
I'v added a screenshot of the dialgo to show precisely how bad it is.

It has a scary looking warning triangle, bold in multiple places, tells users they are about to do something they are likely to neither underdand nor understand the consequences of and, as initially reported, pre-selects the worst choice in this scenario: accepting a rogue certificate and making that decision permanent.

Firefox has a much better dialog and wording when asked to load a site where the certificate is invalid: try https://wrong.host.badssl.com/ in Firefox to see.
It recommends to A/ not keep going and if you do decide to override and accept the certificate, it doesn't make that choice sticky.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: