Non-overridable TLS error occurred.
Hi all
Since yesterday Thunderbird is unable to connect to the server and download new emails.
I got the following error message: "Non-overridable TLS error occurred. Handshake error or probably the TLS version or certificate used by the server mail.blacknight.com is incompatible."
I am running Thunderbird v102.2.2 for 4 days now but yesterday was the first time this error has appeared.
security.tls.version.min is set to 1. In fact, it has been set to 1 for more than a year now.
The host tells me everything is fine with the cert used by their server.
Any ideas or help would be greatly appreciated.
פתרון נבחר
Eventually, seems to have been an Avast bug. Upgrading to Avast free latest version 22.9.6034 (build 22.9.7554.734) restored the Thunderbird communication to my IMAP server.
Read this answer in context 👍 2כל התגובות (10)
That doesn't mean they're right. You could try changing your account security settings settings (e.g., STARTTLS or SSL/TLS, etc.), but I doubt that will help.
Thanks David
I did try that, thought I knew it wouldn't help. For this server it has to be SSL for Incoming and STARTTLS for Outgoing.
UPDATE
My host has provided the below workaround as a temporary measure until they come up with a general solution.
In server settings set encryption type to none, and use the following:
For the Incoming Mailserver connection, port 110 (POP3) or port 143 (IMAP). For the Outgoing Mailserver connection, port 25 or 587.
I used the Qualsys SSL test web site with your mail server URL to test its TLS support and it was not able to connect due to "No secure protocols supported". and "no more data allowed for version 1 certificate - the certificate is invalid; it is declared as version 1, but uses extensions, which were introduced in version 3. Browsers might ignore this problem, but our parser is strict and refuses to proceed."
I've used that web site to evaluate the TLS security of many web sites and mail servers and this is the first time it flat out failed.
Your email providers temporary workaround is to essentially disable all security and send everything in the clear over the Internet. I'd expect better from somebody in the web host business. They don't even list the issue in the Tech Status Updates at https://www.blacknight.com/support/ .
I got the same problem, at the same time (Have Thunderbird v102.2.2 and security.tls.version.min is set to 1 for me, also). By temporarily disabling my antivirus's (free Avast) real-time mail shield, communication to IMAP mail server is restored. Had free Avast, tried replacing it with free Avast One suite, but the problem persisted (i.e. had to turn off Mail Shield -or the corresponding Mail Guardian in Avast One- to restore communication with IMAP mail server). Access to my other (Gmail) accounts through Thunderbird was not affected, even with mail shields on. Since no major upgrade was made to the Avast engine since August 22, I suspect the reason may lie with the most recent update of Thunderbird v102.2.2 (not sure anyway).
השתנתה ב־
Thank you @cziskarak
I took inspiration from your suggestion and unticked Mail Shield: Scan SSL connections in Avast Antivirus Free. See image attached.
This is not an ideal fix but it works for me.
P.S. For those interested in trying this, you will find the above setting as follows:
- In Avast, click the hamburger menu and select Settings.
- In the search box type geek:area
- Scroll down to the Mail section to find the above setting.
- Restart Thunderbird
Fundamentally Avast uses a self signed certificate that must be manually added to Thunderbird certificate store for the man in the middle hack that they use to scan encrypted connections to work. This may be at the root of your issue. https://support.avast.com/en-nz/article/91/#pc
Personally I do not use mail scanners at all as they provide very little in the way of benefits for the trouble they cause. As Thunderbird does not run scripts in email, really the risk is with attachments ad I just scan those before I open them. Previously I used to use the Thunderbird preference to allow antivirus scanning of email (this places a copy in the temp folder before storing it, if the AV jumps on it it is not stored. This is completely separate to any "mail scanning" the AV purports to do as this utilized basic file scanning
This test result for the server is rather damning as a secure location for doing business. https://www.immuniweb.com/ssl/mail.blacknight.com/7HgrIPCc/
FYI TLS 1.0 1999 TLS 1.1 2006 TLS 1.2 2008 TLS 1.3 2018
Matt said
Fundamentally Avast uses a self signed certificate that must be manually added to Thunderbird certificate store for the man in the middle hack that they use to scan encrypted connections to work. This may be at the root of your issue. https://support.avast.com/en-nz/article/91/#pc
Thanks Matt. I checked this and Avast Cert had already been added to Thunderbird.
Personally I do not use mail scanners at all as they provide very little in the way of benefits for the trouble they cause. As Thunderbird does not run scripts in email, really the risk is with attachments ad I just scan those before I open them. Previously I used to use the Thunderbird preference to allow antivirus scanning of email (this places a copy in the temp folder before storing it, if the AV jumps on it it is not stored. This is completely separate to any "mail scanning" the AV purports to do as this utilized basic file scanning
Thanks for this information.
This test result for the server is rather damning as a secure location for doing business. https://www.immuniweb.com/ssl/mail.blacknight.com/7HgrIPCc/ FYI TLS 1.0 1999 TLS 1.1 2006 TLS 1.2 2008 TLS 1.3 2018
I'll bring this to their attention and see what they say.
פתרון נבחר
Eventually, seems to have been an Avast bug. Upgrading to Avast free latest version 22.9.6034 (build 22.9.7554.734) restored the Thunderbird communication to my IMAP server.
השתנתה ב־
Same Issue across multiple email accounts. Disabling AVG (which is basically avast under a different name) email protection fixed the issue. 07-October-2022.
AVG Version: 22.9.3254 (build 22.9.7554.750) Virus definition: 221006-14 UI version: 1.0.675