This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

After update to 38.1.0 I get - ssl_error_handshake_unexpected_alert

  • 7 replies
  • 2 have this problem
  • 1 view
  • Last reply by christ1

more options

Server uses these settings for POP3: port 995 Connection Security: SSL/TLS Authentication method: Normal password

After the updt to 38.1.0 it's just freez with "Connected to mail.serv.xxx". In Error Console I can see like something about handshaking and this: ssl_error_handshake_unexpected_alert

On another PC I have now TB 31.2.0 and all the same (mail server and settings) - no such problems.

So now I can check my mail only without "Connection Security" and at port 110.

Please stop doing it :( New update - new problems :(

Server uses these settings for POP3: port 995 Connection Security: SSL/TLS Authentication method: Normal password After the updt to 38.1.0 it's just freez with "Connected to mail.serv.xxx". In Error Console I can see like something about handshaking and this: ssl_error_handshake_unexpected_alert On another PC I have now TB 31.2.0 and all the same (mail server and settings) - no such problems. So now I can check my mail only without "Connection Security" and at port 110. Please stop doing it :( New update - new problems :(

Modified by booya

Chosen solution

I have to set security.tls.version.fallback-limit = 1

That would allow Thunderbird an insecure fallback to TLS version 1.1 or 1.0, which wouldn't be allowed by default. See https://support.mozilla.org/en-US/questions/1051530

I think my provider will not change anything about it and I will find another one

Finding a new provider sounds like a good idea.

server does not support RFC 5746, see CVE-2009-3555

See https://wiki.mozilla.org/Security:Renegotiation

Read this answer in context 👍 1

All Replies (7)

more options
more options

christ1 said

Can you post a screenshot of the error? http://support.mozilla.org/en-US/kb/how-do-i-create-screenshot-my-problem

Sure, but I have a russian ver. of Thunderbird. Sorry.

So when I'm not using any SSL-coonection (first part of a screenshot), TB can check mail and error log is clean. But with SSL (second part), log says about an error during connection to a server and:

SSL peer was not expecting a handshake message it received. (Error code: ssl_error_handshake_unexpected_alert)

Thank you!

Modified by booya

more options
more options

Thank you for the answer and for the links.

So how can I solve the problem?

Now I have 38.3.0 and on another PC still 31.2.0. So I'm still using PO3 at 110 port without any SSL and on 31.2.0 I can use port 995 and SSL/TLS. Mail server is the same.

Modified by booya

more options

You should talk to your email provider. My best guess is their server configuration is screwed. Or find a new provider where you can use SSL/TLS properly.

more options

My email privider answered me:

I have to set security.tls.version.fallback-limit = 1

I did it and it works, but now I have to press F5 (to check mail) twice.

I think my provider will not change anything about it and I will find another one, but my friend have 2000 visiting cards with with buggy provider...

I have another question - I've registered mail server at another provider (it's mine domainm, but mail server not) and now I can see:

server does not support RFC 5746, see CVE-2009-3555

when sending messages (SSL/TLS, 465 port, Normal Password). Is that bad?

Is it better anyway than my previous provider? At least it's mine domain and I can change provider when I want.

Thank you!

Modified by booya

more options

Chosen Solution

I have to set security.tls.version.fallback-limit = 1

That would allow Thunderbird an insecure fallback to TLS version 1.1 or 1.0, which wouldn't be allowed by default. See https://support.mozilla.org/en-US/questions/1051530

I think my provider will not change anything about it and I will find another one

Finding a new provider sounds like a good idea.

server does not support RFC 5746, see CVE-2009-3555

See https://wiki.mozilla.org/Security:Renegotiation