Closed Bug 409516 Opened 17 years ago Closed 9 years ago

unable to auto-save to drafts folder on IMAP server with FIPS enabled

Categories

(MailNews Core :: Security, defect)

defect
Not set
minor

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: mnix, Unassigned)

References

(Blocks 2 open bugs, )

Details

(Keywords: qawanted)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; rv:1.9b3pre) Gecko/2007122115 Lightning/0.6a1 SeaMonkey/2.0a1pre
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; rv:1.9b3pre) Gecko/2007122115 Lightning/0.6a1 SeaMonkey/2.0a1pre

When composing an email with FIPS enabled, and auto-save to an IMAP folder triggered before the master password has been entered gives error messages rather than asking for the master password.


Reproducible: Always

Steps to Reproduce:
Setup: Mail stored on an IMAP server. Drafts and Sent folders are also on the IMAP server.  FIPS mode is enabled.
1. Open browser. Do not open the mail window or enter the master password if prompted.
2. compose new mail (or click an email link in a web page)
3. Wait for seamonkey to attempt an auto-save (configured for 5 minutes in my case)
Actual Results:  
Error message about not being able to copy the message to Drafts
AND
Error message about not being able to copy mail to Sent

Pressing Cancel allows you to continue editing the message.

Expected Results:  
prompt for master password (or could just abort the auto-save)

Does not happen when FIPS is disabled. (Mozilla seems to not require the master password with FIPS disabled - I suppose there's a setting for that but I couldn't see it).  Master Password Timeout is set to "First time it is Needed".
Blocks: fips
Product: Core → MailNews Core
Assignee: mail → nobody
Component: MailNews: Main Mail Window → MailNews: Security
OS: Linux → All
Product: Mozilla Application Suite → Core
QA Contact: security
Hardware: PC → All
Version: unspecified → Trunk
anyone using FIPS?
Keywords: qawanted
(In reply to comment #1)
> anyone using FIPS?

Any idea what FIPS is ?
(In reply to comment #2)
> Any idea what FIPS is ?

Options -> Advanced -> Certificates -> Security Devices -> Enable FIPS

It restricts the operation of NSS to the subset that has been FIPS certified. If the server does not support one of the FIPS-certified cipher suites there might be a communication mismatch. FIPS mode should only be used when you know you're in a FIPS-compliant environment top to bottom.
it saved to drafts just fine as long as the master password had been entered for some other reason before it tried to do it.
The codebase has changed a bit since the original request.  Is this problem still present in TB3.0?

This may be hard for me to test since my mail servers use SSL/IMAP, and that will force TB to ask me for a password to initialize FIPS.  I can't access the Drafts folder until I complete the SSL handshake, which requires the password.

I think think of two ways to possibly reproduce:
1. Use a local drive for Drafts
2. Use a server that does not require SSL

Can anyone else reproduce?
Blocks: tb-drafts
Thunderbird now prompts for the master password when it tries to auto-save the message and only gives an error when you cancel the master password prompt... I suppose that makes this a Works for me?
Thanks Onno
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.