Closed Bug 789868 Opened 13 years ago Closed 13 years ago

xmpp - bad detect of ssl version

Categories

(Thunderbird :: Instant Messaging, defect)

Product:
Thunderbird
Component:
Instant Messaging
Version:
15 Branch
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 806228

People

(Reporter: martin, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Linux i686; rv:15.0) Gecko/20100101 Firefox/15.0.1 Build ID: 20120905151427 Steps to reproduce: I created new jabber (xmpp) account and try to connect. Actual results: No connection was established - fail with error "Server provides no authentication method" (translated from Czech). In JSconsole were this error: "jabber.webstep.net : server does not support RFC 5746, see CVE-2009-3555". Expected results: CVE-2009-3555 => openssl allows man-in-the-middle attack Debian DSA-2141 => openssl (CVE-2009-3555) has fixed => Thunderbird probably detect wrong version of openssl. In Debian's package of openssl version 0.9.8o-4squeeze13 error from CVE-2009-3555 is fixed. Sources: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555 http://forums.mozillazine.org/viewtopic.php?f=39&t=1959611 http://www.debian.org/security/2011/dsa-2141 http://packages.debian.org/squeeze/openssl
I believe this is a duplicate of bug 806228 (the only known issue that caused the "No authentication mechanism offered by the server" error message to be displayed), but I haven't actually tried to connect to jabber.webstep.net, so I'm not 100% sure. Please reopen if Thunderbird 17 still can't connect to this server.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.