Cannot send email after disabling SSL 3 on Exim - Thunderbird 38.5.1
Hi, after disabling SSL 3 on my VPS, Thunderbird no longer sends email. It gives me the error ssl_error_no_cypher_overlap
Please, how do I solve this? My smartphone works, and so does Outlook; only Thunderbird does not work.
Chosen solution
This seems to be not an issue with Thunderbird but server side.
All Replies (20)
I have disabled SSLv3 in the TLS cipher suite on Exim and now Thunderbird is unable to send email.
If I remove !SSLv3 from Exim, Thunderbird works again, but my server is vulnerable to SSL 3
Why is Thunderbird unable to send email, giving me the error ssl_error_no_cypher_overlap?
I am using TLSv1.2; this should be supported. If I add my account in Outlook it works... on the smartphone it works; only in Thunderbird do I continue to have this issue.
Please help me, I need to resume work with email.
If I remove !SSLv3 from Exim, Thunderbird works again, but my server is vulnerable to SSL 3
I don't understand that. Please elaborate.
I have a VPS server where I manage emails. Emails are managed on my PC by Thunderbird.
On my VPS I have disabled SSL 3, so Thunderbird seems not to work. I am able to set up my VPS email address in Outlook and in TypeApp on Android ... and send email without problems.
I am unable to send email in Thunderbird. I cannot understand why.
If I add SSL v 3 to the exim.conf ciphers, Thunderbird works again and allows me to send email, but I need to disable SSL 3 because of the vulnerability.
My issue is that Thunderbird now does not send email and gives the error ssl_error_no_cypher_overlap in the console
In your account settings, do you have Connection Security set to STARTTLS or to SSL/TLS? Have you tried the other one?
Do you recall ever making any changes in the Config Editor to these preferences:
- security.tls.version.min (default 1 = TLS 1.0)
- security.tls.version.max (default 3 = TLS 1.2)
Note: These refer to Thunderbird settings, not your server.
Can you post your Troubleshooting Information? At the top right of the Thunderbird window, click the menu button, then select Help > Troubleshooting Information. Press the Copy text to clipboard button and paste the information into your reply.
What are the exact cipher suites your VPS server supports after disabling SSLv3? Something like this: https://www.grc.com/miscfiles/SChannel_Cipher_Suites.txt
christ1 said
Can you post your Troubleshooting Information? At the top right of the Thunderbird window, click the menu button, then select Help > Troubleshooting Information. Press the Copy text to clipboard button and paste the information into your reply. What are the exact cipher suites your VPS server supports after disabling SSLv3? Something like this: https://www.grc.com/miscfiles/SChannel_Cipher_Suites.txt
If I paste this information, it contains sensitive email account data... I don't want to make it public.
I don't know what is supported after disabling SSL V 3, but I think TLS V 1.2, as other programs seem to send with that.
jscher2000 said
In your account settings, do you have Connection Security set to STARTTLS or to SSL/TLS? Have you tried the other one? Do you recall ever making any changes in the Config Editor to these preferences:
- security.tls.version.min (default 1 = TLS 1.0)
- security.tls.version.max (default 3 = TLS 1.2)
Note: These refer to Thunderbird settings, not your server.
No, I have the same
- security.tls.version.min (default 1 = TLS 1.0)
- security.tls.version.max (default 3 = TLS 1.2)
I don't know what is supported after disabling SSL V 3
Then I'd suggest you find out.
How?
The strange thing is that email works from the smartphone and also from other software ... only Thunderbird does not let me send email.
I don't know how to check what is supported.
In the Config Editor, if you filter using ssl3 you can see whether any ciphers are disabled within Thunderbird.
For purposes of avoiding connection failures on servers that have not been updated to work around Logjam, you can double-click these to toggle them to false:
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
I have disabled SSL 3 everywhere
I don't know how to check what is supported.
Well, this isn't a forum for the Exim mail server. I guess Google is your friend.
This article may help. https://wiki.mozilla.org/Security/Server_Side_TLS
Thanks. I have already found and looked at the article, but it does not help.
I don't need help with Exim, as it is Thunderbird that is not working. When I send email it does not work. If I set up the same account everywhere else, it works. I also tried a fresh install of Thunderbird, but this did not solve the issue
peopleinside said
I have disabled SSL 3 everywhere
Were you replying to my comment:
In the Config Editor, if you filter using ssl3 you can see whether any ciphers are disabled within Thunderbird. For purposes of avoiding connection failures on servers that have not been updated to work around Logjam, you can double-click these to toggle them to false:
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Do not confuse these ciphers with the SSLv3 protocol. If you have disabled all of the ciphers then Thunderbird won't be able to make any secure connections to anything. The only ciphers I recommend disabling (setting to false) are the two I listed. Leave the others set to their default value of true.
peopleinside said
christ1 said
Can you post your Troubleshooting Information?
If I paste this information, it contains sensitive email account data... I don't want to make it public.
You can edit out your email address (if that is in there) and server name before posting. Use "Preview Reply" to see exactly what will be posted when you click Post Reply.
jscher2000 said
peopleinside said
I have disabled SSL 3 everywhere
Were you replying to my comment:
In the Config Editor, if you filter using ssl3 you can see whether any ciphers are disabled within Thunderbird. For purposes of avoiding connection failures on servers that have not been updated to work around Logjam, you can double-click these to toggle them to false:
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
Do not confuse these ciphers with the SSLv3 protocol. If you have disabled all of the ciphers then Thunderbird won't be able to make any secure connections to anything. The only ciphers I recommend disabling (setting to false) are the two I listed. Leave the others set to their default value of true.
Hi, thank you. I have set to false
- security.ssl3.dhe_rsa_aes_128_sha
- security.ssl3.dhe_rsa_aes_256_sha
but the issue persists even after closing and opening Thunderbird again; I cannot send email, so I put them back to true as it is the same.
Here is my paste:
The account that does not work is account
Thunderbird is able to send email if my VPS exim.conf contains this:
tls_require_ciphers = ALL:HIGH:MEDIUM:+TLSv1.1:+TLSv1.2:!SSLv2
without :!SSLv3 at the end, but this makes my server vulnerable to the POODLE SSL3
so I put in my exim.conf
tls_require_ciphers = ALL:HIGH:MEDIUM:TLSv1.1:+TLSv1.2:!SSLv2:!SSLv3
this will secure my server and not allow SSL3, but with that Thunderbird stops sending email.
It continues to work well on my Android smartphone with TypeApp, and with Outlook, which are able to send email correctly; only Thunderbird does not work if I disable SSL 3.
How to fix? I can't remove !SSLv3 from the string because safety comes first.
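
An added example, not part of the thread, for the question of how to check what the two `tls_require_ciphers` strings in the post above actually select. It assumes Exim is linked against OpenSSL, whose cipher-list syntax uses `SSLv3` as a label for a group of cipher suites, so `!SSLv3` removes those suites rather than the SSL 3.0 protocol. The helper names are hypothetical, and the expansion uses the OpenSSL behind the local Python `ssl` module, so the exact suites will differ from what the server's older library reports.

```python
import ssl
from collections import Counter

# The two tls_require_ciphers values quoted in the post above.
ALLOWS_SSLV3_SUITES = "ALL:HIGH:MEDIUM:+TLSv1.1:+TLSv1.2:!SSLv2"
EXCLUDES_SSLV3_SUITES = "ALL:HIGH:MEDIUM:TLSv1.1:+TLSv1.2:!SSLv2:!SSLv3"


def expand(cipher_string):
    """Map suite name -> protocol tag, as the local OpenSSL expands the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing is selected
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def removed_suites(before, after):
    """Suites selected by `before` that `after` no longer offers."""
    kept = expand(after)
    return sorted(name for name in expand(before) if name not in kept)


def tag_counts(cipher_string):
    """Count the selected suites per protocol tag (the tag is the version
    that introduced the suite, not the version a connection negotiates)."""
    return Counter(expand(cipher_string).values())


if __name__ == "__main__":
    print("expanded with:", ssl.OPENSSL_VERSION)
    gone = removed_suites(ALLOWS_SSLV3_SUITES, EXCLUDES_SSLV3_SUITES)
    print(f"{len(gone)} suites dropped by !SSLv3, for example {gone[:5]}")
    print("still offered, by tag:", dict(tag_counts(EXCLUDES_SSLV3_SUITES)))
    # A client connects only if it offers one of the remaining suites;
    # when it offers none, it reports an error such as
    # ssl_error_no_cypher_overlap.
```

Running the same comparison on the mail server itself shows which suites its own OpenSSL keeps after the exclusion, and that list can be compared with the suites enabled in the client.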
Is there anything suspicious in the Error Console? Tools (Alt-T) - Error Console
Hi christ1, thank you for your message. There are some errors, yes. I can attach a screenshot, but what worries me is that I have already tried to completely remove Thunderbird and the Thunderbird folder and start a new install without anything.
Also in this case Thunderbird is unable to send messages.
This issue is only with the email of my VPS and is present only after I add -SSLv3 in my VPS Exim (4.72) "tls_require_ciphers =".
If I remove -SSLv3 I am able again to send email from Thunderbird, but I can't remove that from the server because of security.
So I don't know if that is a bug, an issue with Thunderbird, because from Outlook or from TypeApp on my smartphone (Android) I have no issue sending email.
I have opened a bug https://bugzilla.mozilla.org/show_bug.cgi?id=1246144 but I want to solve this issue ASAP as I can't send email...
You can download screen here: http://expirebox.com/download/df13d5c795bafdac5a10d06e8ce21757.html
This link will expire in two days.