Thunderbird doesn't detect when TLS renegotiation is disabled



8 years ago
8 years ago


(Reporter: emoore, Unassigned)


Firefox Tracking Flags

(Not tracked)


(Whiteboard: [gs], URL)



8 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20100526 Thunderbird/3.1

Thunderbird 3.1RC1 reports in the error console: : potentially vulnerable to CVE-2009-3555 

This is the SSL/TLS renegotiation vulnerability that was used to steal usernames / passwords from Twitter. is the mail server (its actually a proxy) provided by Thunderbird doesn't report this vulnerability for Gmail or Google Apps but does for Fastmail, Aim, and Hotmail. I assume this means Gmail implements RFC 5746 and NSS detected that. However, according to the weblog at they configured the mail servers to disable SSL renegotiation.

Technically, the message only said it was "potentially vulnerable". However, if these types of security messages are going to be useful to the user it should be thorough enough to test if SSL renegotiation was disabled. Otherwise its just security theater. Especially if more email providers decide to fix the problem the way Fastmail did (reconfigure their services) rather than by adding new features (supporting RFC 5746)

See for some more information. Supposedly any Mozilla application that uses NSS 3.12.6 or higher would do the same thing.

As an aside, are Mozilla applications that support SSL/TLS expected to support the settings in or is that meant just for Firefox? The reason I ask is if security.ssl.treat_unsafe_negotiation_as_broken is set true the application is supposed to display a visual indication to the user such as a red/broken padlock if the problem occurs. If it is, and its Thunderbird's responsibility to implement that (not NSS's) please let me know and I'll write a separate bug report on that.

Reproducible: Always


8 years ago
Ever confirmed: true
OS: Windows Vista → All
Hardware: x86 → All
Whiteboard: [gs]
Version: unspecified → Trunk

Comment 1

8 years ago
Ben, I've noticed that trunk and 1.9.2 versions of HandshakeCallback() in nsNSSCallbacks.cpp (that's where the message is generated) are different due
to bug 549641 which you filed. It appears to me though that this was just for introducing a pref to suppress the warning, or am I missing something?

Comment 2

8 years ago
Yes, this is basically a DUP. The bug I filed was complaining about exactly the same thing: The msg in the error console appears even though TLS renegotiation is disabled. My bug has people explaining that the client cannot know whether TLS renego was disabled on the server, unless the server also implements RFC 5746, therefore the msg is claimed to be "technically correct" (as reporter here says as well), but cannot reasonably be improved either.

Either way, the fix for FF and TB is the same, because the code is in NSS, so it's a DUP in that respect, too.
Last Resolved: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 549641
You need to log in before you can comment on or make changes to this bug.