为提升您的使用体验,本站正在维护,部分功能暂时无法使用。如果本站文章无法解决您的问题,您想要向社区提问的话,请到 Twitter 上的 @FirefoxSupport 或 Reddit 上的 /r/firefox 提问,我们的支持社区将会很快回复您的疑问。

搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

thunderbird keeps using tls1 for IMAP

  • 6 个回答
  • 1 人有此问题
  • 1 次查看
  • 最后回复者为 marek.zukal

more options

Thunderbird keeps using tls1 for IMAP. I tried setting up a new profile and a new account, nothing helps. I trapped the connection in Wireshark. After the connection is established, the first packet is comming from client and is being decoded as this: 794 194.220989596 192.168.88.212 77.92.222.71 TLSv1 583 Client Hello After that the server (MS exchange) kills the connection.

Gmail works fine and using tls1.2. Thunderbird 68.4.1 (64-bit) distribution package Linux Mint 19.3 Tricia

Thunderbird keeps using tls1 for IMAP. I tried setting up a new profile and a new account, nothing helps. I trapped the connection in Wireshark. After the connection is established, the first packet is comming from client and is being decoded as this: 794 194.220989596 192.168.88.212 77.92.222.71 TLSv1 583 Client Hello After that the server (MS exchange) kills the connection. Gmail works fine and using tls1.2. Thunderbird 68.4.1 (64-bit) distribution package Linux Mint 19.3 Tricia

被采纳的解决方案

Confirmed as a server problem.

定位到答案原位置 👍 0

所有回复 (6)

more options

Thunderbird 68 still supports TLS 1.0 and 1.1, but it also supports TLS 1.2. Not sure about v1.3 though. If Thunderbird negotiates TLS 1.0 or 1.1 when connecting to the server at 77.92.222.71, then this is the best that server supports.

more options

AFAIK TLS is negotiated by the client first.

Wikipedia says this: "A client sends a ClientHello message specifying the highest TLS protocol version it supports ...

And the first packet send by Thunderbird is as above. Only TLS1, no other connections are established, no other data exchanged. This is the first and only packet of negotiation.

I tried to increase security.tls.version.min in config to 2 or 3 but it did not help either.

there is also security.tls.version.fallback-limit key but I could not find any documentation and it does not seem to influence anything.

None of these config values were tempered with in the clean profile to ensure correct testing.

more options
the first packet is comming from client and is being decoded as this: 794 194.220989596 192.168.88.212 77.92.222.71 TLSv1 583 Client Hello After that the server (MS exchange) kills the connection.

Are you saying TB does not establish a TLS connection to that server at all? What is security.tls.version.min set to when this happens?

I tried to increase security.tls.version.min in config to 2

What happens when security.tls.version.min is set to 1, which is the default in TB68?

I still think the server does not support TLS 1.2.

openssl s_client -connect 77.92.222.71:993 </dev/null CONNECTED(00000003) write:errno=0 </p>

no peer certificate available

No client certificate CA names sent

SSL handshake has read 0 bytes and written 176 bytes Verification: OK

New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session:

   Protocol  : TLSv1.2
   Cipher    : 0000
   Session-ID: 
   Session-ID-ctx: 
   Master-Key: 
   PSK identity: None
   PSK identity hint: None
   SRP username: None
   Start Time: 1584816585
   Timeout   : 7200 (sec)
   Verify return code: 0 (ok)
   Extended master secret: no

由christ1于修改

more options

security.tls.version.min does not have any effect

I tried Evolution client and the results are the same. I tried with the openssl command as you did as well. All behave the same. So you are probably right.

However I still do not understand what determines the first packet content. I tried the same with Gmail and got this result: 23 5.087578452 192.168.88.212 64.233.184.109 TLSv1.3 583 Client Hello

Again, no data from the server before the server. It goes -> SYN <- SYN, ACK -> ACK -> Client hello

more options
However I still do not understand what determines the first packet content.

I can't explain that either.

more options

选择的解决方案

Confirmed as a server problem.