Closed Bug 667057 Opened 12 years ago Closed 12 years ago

Problems with Yahoo POP servers


(MailNews Core :: Security, defect)

Other Branch
Windows 7
Not set


(Not tracked)



(Reporter: jgosis, Unassigned)



User-Agent:       Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; es-AR; rv: Gecko/20110616 Thunderbird/3.1.11

TB cannot get the Yahoo POP mails, unless you turn security from SSL to None
Yahoo's support team says:

"It is because of Mozilla Mail update MFSA2010-70, which tookeffect in Jun 21, 2011's Mozilla Mail 3.1.11 patch, read this for detail:

In this version, Mozilla Mail will deny any SSL certificate with a wildcat, unfortunately, Yahoo mail plus uses 2 SSL certificates with wildcat:

Both are issued to * and *

(Please check this address for Yahoo mail plus SSL certificate detail)

Solution: rollback to an older version of mozilla mail."

Please, fix this problem!!!!

Reproducible: Always

Steps to Reproduce:
1.Check your or mail from a Yahoo server (e.g., or; DO NOT USE, with this server it works), SSL, Port 995 

Actual Results:  
It won't work at all!!!!

Expected Results:  
Get my mails as I've allways did with previous TB versiones
The answer from yahoo is not correct. Only wildcards for IP addresses are disallowed but not for hostnames and CN=* is clearly not an IP address.

>TB cannot get the Yahoo POP mails
and what happens ? Do you get an error message ?
Severity: critical → normal
Component: General → Security
Product: Thunderbird → MailNews Core
QA Contact: general → security
Version: unspecified → Other Branch
That answer from is not from a Yahoo employee ; it is from a contributor and I hate to say it but it is wrong
This "problem" happens with Apple, Outlook etc and is therefor not a Mozilla Thunderbird problem, so I going to close this bug:
e.g. Apple has the same problem:
Closed: 12 years ago
Resolution: --- → INVALID
anyone with a yahoo plus account that could do a manual check with openssl why or how yahoo fails ?
@Roland:  The problem does *not* occur with Outlook, which still, even now, can POP download from using SSL on port 995.  The Yahoo support/contributor points out that Mac Mail shares same core as Mozilla/Firefox/Thunderbird and is subject to the same MFSA2010-70 patch.  This is a Thunderbird/Mozilla problem, and this definitely merits a closer review and I don't get why you have been so persistent in trying to brush off this problem.

The mode of failure was that Thunderbird hung while giving the appearance of downloading and generated no error messages.

I just tried to reproduce the problem on my Ubuntu 11.04 machine and I see that Thunderbird has rolled back (on its own?) to 3.1.10, which has resolved the problem; 3.1.10 communicates with Yahoo POP SSL.
Got in touch with Yahoo Mail support and they rolled back sometime around 6p.m. Pacific June 24, 2011 to the *old* Yahoo POP server which does work with SSL, port 995 and Thunderbird 3.1.11 so everybody should be good for now using SSL, port 995

Yahoo support kindly gave me the hostname of their *new* Yahoo POP server and I tried it ([1]) and sure enough the problem re-appeared on both Thunderbird 3.1.11 and Apple (and I am sure on Outlook as well, because 99% of the time if something fails with Thunderbird and Apple, it fails with Outlook and in fact if you look at Get Satisfaction and the Yahoo boards it was failing with Outlook as well)

Therefore my conclusion (and it could be wrong but it's based on the facts of the previous paragraph but I could be missing something of course) is that it's a server issue with the new Yahoo POP server. We'll know for sure next week when the Yahoo Mail and Thunderbird developers take a look.

[1] Test
1. works with Thunderbird 3.1.11 and Apple's using SSL and port 995
2. Yahoo's new mail server whose hostname I am not at liberty to disclose, SSL, 995  with and Thunderbird
has a certificate exception which I overrode (certificate exception due to the fact that it's at a debug hostname not the production host name)
and then can't receive email
3. if i change it to New Yahoo mail server hostname,110, no SSL i.e. no connection security, then and Thunderbird can both receive email
You're right, old server now works OK with SSL Port 995
(it didn't work at all with SSL since june 21)
TKS for your help!!!
You need to log in before you can comment on or make changes to this bug.