After update to 38.1.0 I get - ssl_error_handshake_unexpected_alert
Server uses these settings for POP3: port 995 Connection Security: SSL/TLS Authentication method: Normal password
After the updt to 38.1.0 it's just freez with "Connected to mail.serv.xxx". In Error Console I can see like something about handshaking and this: ssl_error_handshake_unexpected_alert
On another PC I have now TB 31.2.0 and all the same (mail server and settings) - no such problems.
So now I can check my mail only without "Connection Security" and at port 110.
Please stop doing it :( New update - new problems :(
Modified by booya
Chosen solution
I have to set security.tls.version.fallback-limit = 1
That would allow Thunderbird an insecure fallback to TLS version 1.1 or 1.0, which wouldn't be allowed by default. See https://support.mozilla.org/en-US/questions/1051530
I think my provider will not change anything about it and I will find another one
Finding a new provider sounds like a good idea.
server does not support RFC 5746, see CVE-2009-3555
See https://wiki.mozilla.org/Security:Renegotiation
Read this answer in context 👍 1All Replies (7)
Can you post a screenshot of the error? http://support.mozilla.org/en-US/kb/how-do-i-create-screenshot-my-problem
christ1 said
Can you post a screenshot of the error? http://support.mozilla.org/en-US/kb/how-do-i-create-screenshot-my-problem
Sure, but I have a russian ver. of Thunderbird. Sorry.
So when I'm not using any SSL-coonection (first part of a screenshot), TB can check mail and error log is clean. But with SSL (second part), log says about an error during connection to a server and:
SSL peer was not expecting a handshake message it received. (Error code: ssl_error_handshake_unexpected_alert)
Thank you!
Modified by booya
You may want to take a look at this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=502781
Particularly comment 6: https://bugzilla.mozilla.org/show_bug.cgi?id=502781#c6
Thank you for the answer and for the links.
So how can I solve the problem?
Now I have 38.3.0 and on another PC still 31.2.0. So I'm still using PO3 at 110 port without any SSL and on 31.2.0 I can use port 995 and SSL/TLS. Mail server is the same.
Modified by booya
You should talk to your email provider. My best guess is their server configuration is screwed. Or find a new provider where you can use SSL/TLS properly.
My email privider answered me:
I have to set security.tls.version.fallback-limit = 1
I did it and it works, but now I have to press F5 (to check mail) twice.
I think my provider will not change anything about it and I will find another one, but my friend have 2000 visiting cards with with buggy provider...
I have another question - I've registered mail server at another provider (it's mine domainm, but mail server not) and now I can see:
server does not support RFC 5746, see CVE-2009-3555
when sending messages (SSL/TLS, 465 port, Normal Password). Is that bad?
Is it better anyway than my previous provider? At least it's mine domain and I can change provider when I want.
Thank you!
Modified by booya
Chosen Solution
I have to set security.tls.version.fallback-limit = 1
That would allow Thunderbird an insecure fallback to TLS version 1.1 or 1.0, which wouldn't be allowed by default. See https://support.mozilla.org/en-US/questions/1051530
I think my provider will not change anything about it and I will find another one
Finding a new provider sounds like a good idea.
server does not support RFC 5746, see CVE-2009-3555