From owner-freebsd-gecko@freebsd.org Wed Nov 25 10:13:21 2020 Return-Path: Delivered-To: freebsd-gecko@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E1B8747CC40 for ; Wed, 25 Nov 2020 10:13:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4CgxYF5tBCz4pWP for ; Wed, 25 Nov 2020 10:13:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id C9C0347CC3F; Wed, 25 Nov 2020 10:13:21 +0000 (UTC) Delivered-To: gecko@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C985A47CC3E for ; Wed, 25 Nov 2020 10:13:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4CgxYF5Fbtz4pq1 for ; Wed, 25 Nov 2020 10:13:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A76A47990 for ; Wed, 25 Nov 2020 10:13:21 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 0APADL21001553 for ; Wed, 25 Nov 2020 10:13:21 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 0APADLgf001552 for gecko@FreeBSD.org; Wed, 25 Nov 2020 10:13:21 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: gecko@FreeBSD.org Subject: [Bug 251327] mail/thunderbird fails to connect over ssl/tls Date: Wed, 25 Nov 2020 10:13:21 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: cmt@freebsd.org X-Bugzilla-Status: Closed X-Bugzilla-Resolution: Works As Intended X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: gecko@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_status resolution Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-gecko@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Gecko Rendering Engine issues List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 25 Nov 2020 10:13:21 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D251327 Christoph Moench-Tegeder changed: What |Removed |Added ---------------------------------------------------------------------------- Status|New |Closed Resolution|--- |Works As Intended --- Comment #5 from Christoph Moench-Tegeder --- (In reply to Shane from comment #3) > I have changed the server name to mail.superb.net Aha. Checking that with openssl, I get, among others: - "Protocol : TLSv1" - "Peer signing digest: MD5-SHA1" or, when doing it right[tm]: "openssl s_client -no_ssl3 -no_tls1 -no_tls1_1 -connect mail.superb.net:995" yields "unsupported protocol". May I suggest that your email provider is really behind the curve with their TLS configuration? Not offering TLSv1.2 is so... 2010? Anyways, Mozilla disabled TLS 1.0 and 1.1 in the 78 versions, see release n= otes at https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/ . You could use config settings security.tls.version.enable-deprecated and/or security.tls.version.min/max to re-enable the old protocols. Please note: T= HIS IS NOT A RECOMMENDED CONFIGURATION. There's (only slightly outdated) documentation on these settings in http://kb.mozillazine.org/Security.tls.version.* (I can only hope that you don't have any problems with completely unimplemented ciphers or similar, b= ut in the end you really need to talk to your mail host provider). --=20 You are receiving this mail because: You are the assignee for the bug.=