본 사이트는 여러분의 사용자 경험을 개선하기 위해 유지 보수를 진행하는 동안 기능이 제한됩니다. 도움말로 문제가 해결되지 않고 질문을 하고 싶다면 Twitter의 @FirefoxSupport 및 Reddit의 /r/firefox 채널을 활용하세요.

Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Self-signed certificate problem after upgrade to TB 68.4.1

  • 5 답장
  • 2 이 문제를 만남
  • 1 보기
  • 최종 답변자: dominik

more options

After upgrading to TB 68.4.1 I could not read/write e-mails anymore. The error message is "The IMAP server does not support the selected authentication method". The log file shows

[(null) 18264: Unnamed thread 23287970]: D/IMAP try to log in [(null) 18264: Unnamed thread 23287970]: D/IMAP IMAP auth: server caps 0x4484421, pref 0x1006, failed 0x0, avail caps 0x0 [(null) 18264: Unnamed thread 23287970]: D/IMAP (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4, auth external IMAP login = 0x20000000, OAUTH2 = 0x800000000) [(null) 18264: Unnamed thread 23287970]: D/IMAP no remaining auth method [(null) 18264: Unnamed thread 23287970]: E/IMAP login failed entirely

So, no authentication method was even selected.

I have created a new appdata Thunderbird folder. Now I can define an exception for my certificate in the settings - without specifying the port. The downloaded certificate has the wrong port number however (should be 143 but is 443). When reading e-mails another certificate with the correct port is downloaded which I can confirm, and the e-mails are read correctly. However when restarting Thunderbird the above error message comes again and I have to repeat the procedure by first deleting the certificate and then defining an exception for it.

My questions: - How can I tell Thunderbird to accept my certificate without defining an exception in the settings? This was not required before the update. - How can I define the certificate exception in a way to get the correct port that persists after restarting Thunderbird?

After upgrading to TB 68.4.1 I could not read/write e-mails anymore. The error message is "The IMAP server does not support the selected authentication method". The log file shows [(null) 18264: Unnamed thread 23287970]: D/IMAP try to log in [(null) 18264: Unnamed thread 23287970]: D/IMAP IMAP auth: server caps 0x4484421, pref 0x1006, failed 0x0, avail caps 0x0 [(null) 18264: Unnamed thread 23287970]: D/IMAP (GSSAPI = 0x1000000, CRAM = 0x20000, NTLM = 0x100000, MSN = 0x200000, PLAIN = 0x1000, LOGIN = 0x2, old-style IMAP login = 0x4, auth external IMAP login = 0x20000000, OAUTH2 = 0x800000000) [(null) 18264: Unnamed thread 23287970]: D/IMAP no remaining auth method [(null) 18264: Unnamed thread 23287970]: E/IMAP login failed entirely So, no authentication method was even selected. I have created a new appdata Thunderbird folder. Now I can define an exception for my certificate in the settings - without specifying the port. The downloaded certificate has the wrong port number however (should be 143 but is 443). When reading e-mails another certificate with the correct port is downloaded which I can confirm, and the e-mails are read correctly. However when restarting Thunderbird the above error message comes again and I have to repeat the procedure by first deleting the certificate and then defining an exception for it. My questions: - How can I tell Thunderbird to accept my certificate without defining an exception in the settings? This was not required before the update. - How can I define the certificate exception in a way to get the correct port that persists after restarting Thunderbird?

선택된 해결법

Has you certificate store been changed by an anti virus? security.enterprise_roots.enabled in the config editor set to true.

Does your server support TLS V 1.0 and 1.1 only?

I got an email today advising it is disabled in the 73 beta, I would expect that to show up is Thunderbird 68.5 so it should not yet be an issue.

If you are talking about the distrusting of the Symantec certificates in the V68 release notes (your link is broken) they have been phased out over a long time. and as your certificate is self signed not relevant

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (5)

more options

How about just using a real certificate? We are going away from self signed certificates if I read the last changes to actually mean anything.

But no remaining auth methods usually means that the server is not running a new enough version of TLS, or the key size is not large enough, not that the certificate is invalid. (that should get an error in the user interface of it's own)

more options

Thank you for the quick reply!

It seems to be a specific problem of the Thunderbird instance on my Windows computer. I have tried to repeat the same steps in a virtual machine on my computer, and everything works as expected: 1. Created a new account with my account settings (STARTTLS, ingoing port 143, outgoing port 587) in the Thunderbird instance of my virtual machine 2. After confirmation Thunderbird comes up with the expected certificate warning (with the correct port 143) and lets me accept the certificate permanently 3. E-Mails are downloaded

In my local Thunderbird however I do not get the certificate warning in step 2 but the error message "The IMAP server does not support the selected authentication method" mentioned in my previous post. My impression is that the download request is done with the wrong port number (should be 143 for STARTTLS but is 443 for HTTPS).

What I have tried but did not help: - Reinstalled Thunderbird - Deleted appdata Thunderbird folder to let Thunderbird recreate all data including profiles - Temporarily deactivated Symantec Endpoint Protection to avoid some magic port forwarding

Any ideas? Are there any registry settings that might cause the problem? Any chance to increase debugging level to get more detailed information?

more options

I went back to TB 60.9.1 (using the existing profile) and - tata... - everything works fine again! So the problem must have to do with TB 68.4.1.

In the release notes I read that TB 68 has stricter certificate checks: https://www.thunderbird.net/en-US/thund ... easenotes/

Maybe the problem has to do with it. For now I will have to stay with TB 60...

more options

선택된 해결법

Has you certificate store been changed by an anti virus? security.enterprise_roots.enabled in the config editor set to true.

Does your server support TLS V 1.0 and 1.1 only?

I got an email today advising it is disabled in the 73 beta, I would expect that to show up is Thunderbird 68.5 so it should not yet be an issue.

If you are talking about the distrusting of the Symantec certificates in the V68 release notes (your link is broken) they have been phased out over a long time. and as your certificate is self signed not relevant

글쓴이 Matt 수정일시

more options

That was it! In TB 60 security.enterprise_roots.enabled was set to false. I updated to TB 68.4.2. and security.enterprise_roots.enabled was modified to true. I changed it back to false, and now e-mails are working as before.

I would not have found this solution. Thank you so much for your help!