User Help for Mozilla Thunderbird
How to enable AES 128 bit or AES 256 bit for gmail in Thunderbird?
I think you're asking how to control what cipher is used for a secure connection.
security.ssl3.rsa_aes_128_sha (128 bit AES) and security.ssl3.rsa_aes_256_sha (256 bit AES) are enabled by default. What cipher is used gets negotiated between the email client and mail server. You 'd have to use something like a packet sniffer to find out what they negotiated. However, since the same ciphers are available in Firefox you could make a reasonable guess by making a SSL connection to Gmail using Firefox and then click on the envelope icon in the address bar, press "more information" and then "general". That shows 128bit RC4.
I then set to false all of the RC4 entries such as security.ssl3.rsa_rc4_128_md5 and tried again. I'd previously set to false many of the weaker ciphers such as all of the RC2 entries. This time it chose 256 bit AES. You can toggle these settings using the config editor in tools -> options -> advanced -> general. If you do this don't get too aggressive in disabling weak ciphers or you might cause problems with secure connections to other servers.
You might find http://support.mozilla.com/en-US/kb/Con ... FIPS+140-2 useful as a guide to what ciphers to disable.
I am asking about Thunderbird, but you have said me how to disable the weak security protocols such as RC4 in Firefox!
I am using gmail in Thunderbird, and I don't know how to use AES 128 bit or AES 256 bit for gmail in it. When I disabled every other weak protocol (filter: security.ssl3 - false for every thing other than aes 128 or aes 256) in Thunderbird, gmail and hotmail refused to connect.
Please let me know how I use aes 128 or aes 256 for gmail and hotmail in Thunderbird.
I really don't bother about my security protocol in Firefox.
I already told you what to do. I suggested you tweak Firefoxs settings while connecting to gmail webmail and once you verified what it used set Thunderbird to use the same SSL3 settings. You can undo the Firefox settings afterwards if you want, it was merely a tool to try to figure out what settings to change in Thunderbird because there is no convenient way to tell what cipher Thunderbird chooses.
See http://luxsci.com/blog/256-bit-aes-encr ... urity.html . All of my ssl3 ciphers are false except for:
ecdsa is "Elliptic Curve DSA". ecdh is "Elliptic Curve Diffie-Hellman"
http://www.mozilla.org/projects/securit ... ithms.html
I have no problem with secure connections to hotmail, gmail, aim, gmx, and fastmail.
how would I know, which protocol is being used by my email service provider on Thunderbird?
under security.ssl3 I have all to default other than the following keys set to false.
I could send and receive emails on my gmail (imap.gmail.com - #993 - SSL; smtp.gmail.com - #25 -TLS). But I can only receive emails to my hotmail (pop3.live.com -#995 - SSL; smtp.live.com - #25 - TLS), and can't send!
Error message follows:
How could I make hotmail to send emails on my Thunderbird?
The only way I can think of is to use a protocol analyzer like WireShark and I'm not sure that would let you see it negotiating what cipher to use. I've read man pages for telnet that mention that "telnet protocol negotiation goes encrypted" so its possible that occurs with any email client. That is why I keep talking about seeing what cipher it uses with webmail.
If you read the article I linked to, he apparently leverages the fact that he is an admin at the email provider to see what cipher Thunderbird uses. I don't know of an equivalent to a SSL test site like https://www.fortify.net/sslcheck.html that you can use with Thunderbird.
You keep asking the same question hoping I will eventually give you a different answer. We're not run by or associated with Mozilla despite the similarity in names and the fact their support page links to us. We're a independent user community, and I'm just a user like yourself.
I assume it worked before. Make a webmail connection to Hotmail and see what cipher it uses. Perhaps Hotmail doesn't support AES and the strongest cipher it supports is DES or 128 bit RC4.
I just tried to login to hotmail webmail and it defaulted to "3DES-EDE-CBC 168bit". I had security.ssl3.rsa_des_ede3_sha (168-bit Triple DES with RSA and a SHA1 MAC) true in Firefox but false in Thunderbird. Try setting it true.
all those you said above for security.ssl3 are true for me as well. With some others in this filter, set to true or false. Then why am I unable to send on hotmail?
security.ssl3.rsa_des_ede3_sha was already true for me on Thunderbird!
I have no idea. My hotmail account in Thunderbird works but its webmail refuses to log me in (claims "The Windows Live Network is unavailable from this site") so I have low expectations of Hotmail working.
Did it work before you started tweaking SSL settings?
yes, the hotmail was fine on Thunderbird before I changed the following to false.
Is any of these true for you on Thunderbird?
are these same for you?
pop3.live.com -#995 - SSL
smtp.live.com - #25 - TLS
No, I'm using port 587 for the SMTP server. I can't use port 25 because my ISP blocks it. See http://kb.mozillazine.org/Hotmail
I get a error about it can't get connect to the SMTP server (same as the one whose image you provided) when I try to send a message using the hotmail smtp server. I had that problem before I ever tweaked the SSL cipher settings. That's why I normally use a different email providers SMTP server with hotmail. That works fine using the latest SSL cipher settings.
Who is online
Users browsing this forum: No registered users and 2 guests