Instant timeout when connecting to SMTP server with self-signed certificate
Categories
(MailNews Core :: Security, defect)
Tracking
(thunderbird_esr140 affected)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr140 | --- | affected |
People
(Reporter: Apfelkomplott, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
(Keywords: regression, regressionwindow-wanted)
Attachments
(1 file)
|
Bug 1977400 - Offer to set a certificate override on PKIX certificate validation failures. r=mkmelin
48 bytes,
text/x-phabricator-request
|
Details | Review |
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Steps to reproduce:
- I setup a new e-mail account with credentials to a server which uses self-signed certificates for TLS/SSL connections. IMAP settings: Port 993 using TLS. SMTP settings: Port 25 using STARTTLS.
- Optional: I imported the root certificate of the self-signed server certificate as Certificate Authority (CA)
Actual results:
- Fetching emails using IMAP works after I accept the self-signed certificate in the dialog that pops up
- Sending an email fails immediately with a timeout. No dialog is shown where I could accept the certificate.
Expected results:
Sending emails using a server with self-signed certificates should work.
|
Reporter | |
Comment 1•1 month ago
|
||
BTW: The problem occured on a Windows 11 machine.
We had this issue after the update to 141.0esr. Although in our case the issue is a certificate with an invalid domain, rather than a self-signed certificate, it exhibited the same issue.
We fixed it by first setting the connection security to None, and the authentication to "password, transmitted insecurely", sending an email, then changing the connection security back to STARTTLS.
|
||
Updated•19 days ago
|
|
Assignee | |
Updated•17 days ago
|
|
|
Assignee | |
Comment 3•17 days ago
|
||
Nic Jones:
I can reproduce the bug in 141 in later. It seems to be related to STARTTLS.
|
|
Assignee | |
Comment 4•17 days ago
|
||
Apfelkomplott:
Can you please say in version you experience this bug?
I don't see a bug in 140. You initially reported this bug against version 140.
I see the bug in 141 and later.
|
|
Assignee | |
Comment 5•13 days ago
|
||
Not sure what happened when I wrote comment 4.
Today I can reproduce with 140, too.
|
||
Updated•13 days ago
|
|
|
Assignee | |
Comment 6•13 days ago
|
||
|
||
Updated•13 days ago
|
|
|
Assignee | |
Comment 7•13 days ago
|
||
Could you please help to test a potential fix for this bug?
Please download and extract the following build, and run it directly from the extracted directory.
It is a build based on 140.x, so it should work fine with your existing profile from the 140.x version.
(If necessary, you can pass the -P parameter to Thunderbird to get a profile selection prompt.)
Windows 64bit:
https://firefox-ci-tc.services.mozilla.com/api/queue/v1/task/X1Yw7SySSvenoU7teEbm7A/runs/0/artifacts/public/build/target.zip
Let me know if you need another platform for testing.
(The test build contains a view additional fixes, test build is here:
https://treeherder.mozilla.org/jobs?repo=try-comm-central&revision=24c779a2db5ec40dd1b5676f48944aceabd973fc )
|
|
Assignee | |
Comment 8•13 days ago
|
||
Does anyone prefer to test the fix with another version, 141, 142, 143 ?
(In reply to Kai Engert [:KaiE:] from comment #7)
Could you please help to test a potential fix for this bug?
Please download and extract the following build, and run it directly from the extracted directory.
It is a build based on 140.x, so it should work fine with your existing profile from the 140.x version.
(If necessary, you can pass the -P parameter to Thunderbird to get a profile selection prompt.)
I can confirm it works now! After sending an e-mail the security exceptions dialog appears. Thank you for the fix.
Description
•