Thunderbird and Logjam

Thunderbird Thunderbird 최종 변경일: 18%의 사용자가 유용하다고 평가했습니다.
아직 누구도 이 문서의 번역에 참여하지 않았습니다. SUMO 문서 변역에 참여하는 방법에 대해 이미 알고 계시다면, 번역을 시작해 보세요 . SUMO 문서를 번역하는 방법에 대해 알고 싶으시면, 여기서 시작하세요.

Thunderbird 38.1.0 (and newer) and the ESR release 31.8.0 includes improvements done by the Firefox core developers to patch the Logjam common vulnerability (CVE-2015-4000) in all Mozilla products.

What does this mean to me?

Nothing, unless your mail server still uses very old cipher keys for SSL/TLS. If the server has not been patched to use a more recent set of keys (2048 bit), your connection to the server will fail with the following distinctive error message appearing in the Error console (Ctrl + Shift + J).

LogJam in the error console

What do I need to do?

  • If a mail server you use is affected, in the first instance contact your mail provider. All servers should be updated to protect you and your information.
  • If you are the mail server administrator, you need to view the info published by the Working Group that detected the issue here. Note especially the sysadmin guide.
When visiting that page, your browser will be tested to see if it is vulnerable to the attack, and you will be notified accordingly.

There is a short-term workaround for those using Thunderbird, by installing the add-on Disable DHE. This is listed as a Firefox add-on, and therefore must be downloaded to your computer using a browser, then installed with the Thunderbird Add-ons Manager using "Install Add-on From File...". Disable DHE will not appear in the Thunderbird Add-ons Manager if you search for it from Thunderbird.

The use of the add-on is not a long term solution, and is not a substitute for fixing the server. By using it, you are at risk of a man-in-the-middle attack, but it gives breathing time for the server adminstrator to generate and install better key pairs on the server.

이 문서가 도움이 되셨습니까?

잠시만 기다려 주십시오...

문서 작성 및 변경에 도움 주신 분들

Illustration of hands

도움 주기

전문 지식을 성장시키고 다른 사람들과 공유세요. 질문에 답하고 지식 기반을 개선할 수 있습니다.

자세히 살펴보기