SSL/TLS STARTTLS problems with TB 52.1.1 for win32 and mac

pirl8
Posts: 1
Joined: May 23rd, 2017, 2:58 am

SSL/TLS STARTTLS problems with TB 52.1.1 for win32 and mac

Post by pirl8 »

Hi,

After upgrading to v52.1.1, sending via SSL/TLS or STARTTLS does not work, either with SSL/TLS, normal password, port 465 or with STARTTLS, normal password, port 587.

I've enabled client logging via MOZ_LOG/MOZ_LOG_FILE but the log file is empty.
On the server side there's a Postfix 2.6.6-8 on CentOS6. When I try to connect I get this log:

May 23 12:40:29 aaa postfix/smtpd[19556]: connect from a.b.c.d[1.2.3.4]
May 23 12:40:29 aaa postfix/smtpd[19556]: setting up TLS connection from a.b.c.d[1.2.3.4]
May 23 12:40:29 aaa postfix/smtpd[19556]: Anonymous TLS connection established from a.b.c.d[1.2.3.4]: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
May 23 12:40:29 aaa postfix/smtpd[19556]: warning: TLS library problem: 19556:error:14094414:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate revoked:s3_pkt.c:1275:SSL alert number 44:
May 23 12:40:29 aaa postfix/smtpd[19556]: lost connection after STARTTLS from a.b.c.d[1.2.3.4]
May 23 12:40:29 aaa postfix/smtpd[19556]: disconnect from a.b.c.d[1.2.3.4]

The certificate is issued by Let's Encrypt and is valid.

The problem is present with both the win32 and the OS X client.
If I downgrade to v45.8.0 messages are sent regularly again.

Any clue?

ERROR: it was certified by StartCom. I've switched to Let's Encrypt and now 52.1.1 works.
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: SSL/TLS STARTTLS problems with TB 52.1.1 for win32 and ma

Post by tanstaafl »

See http://kb.mozillazine.org/Session_logging_for_mail/news for how to enable smtp logging. I use a smtp.bat file that contains:

set NSPR_LOG_MODULES=smtp:5,timestamp
set NSPR_LOG_FILE=c:\Users\Eric\Profiles\Thunderbird\smtp.log
"C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe" -safe-mode

when I want to generate an SMTP log file. You'd need to change the log file location. You don't need to enable safe mode when logging; I like to do that just to eliminate any possibility of side effects due to an add-on.

What is the full text of the error message that you get when you try to send?
If you delete the saved SMTP server password, exit (since the deleted password is still in memory), restart, and try to send, does it prompt you for the password?

"warning: TLS library problem: 19556:error:14094414:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate revoked:s3_pkt.c:1275:SSL alert number 44:" makes me wonder if they modified the TLS code again to make it stricter about enforcing the standard, despite nothing about it in the release notes. Every time they do that some people run into problems.
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: SSL/TLS STARTTLS problems with TB 52.1.1 for win32 and ma

Post by tanstaafl »

Mozilla dropped support for StartCom certificates last year. See https://blog.mozilla.org/security/2016/ ... tificates/ . However, 45.8.0 was released March 7, 2017. It should not have supported StartCom certificates either.
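
Added example (not part of the thread and not Postfix or Mozilla code): a small Python parser for smtpd log lines like the ones quoted in the first post. It ties each OpenSSL "SSL alert number" warning to the client by smtpd PID, names the alert per RFC 5246, and flags alerts that were received from the client (logged from OpenSSL's read path), which is how the log shows that the mail client, not the server, rejected the certificate. Function and field names are illustrative.

```python
import re

# TLS alert descriptions tied to certificate validation (RFC 5246, section 7.2).
TLS_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown", 48: "unknown_ca",
}

LINE = re.compile(r"postfix/smtpd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"^connect from \S+\[(?P<ip>[^\]]+)\]")
ALERT = re.compile(r"TLS library problem: .*:(?P<func>[A-Za-z0-9_]+):"
                   r"(?P<reason>[^:]+):[^:]+:\d+:SSL alert number (?P<num>\d+):")

# Sample input: log lines copied from the first post (addresses are its placeholders).
SAMPLE = """\
May 23 12:40:29 aaa postfix/smtpd[19556]: connect from a.b.c.d[1.2.3.4]
May 23 12:40:29 aaa postfix/smtpd[19556]: setting up TLS connection from a.b.c.d[1.2.3.4]
May 23 12:40:29 aaa postfix/smtpd[19556]: warning: TLS library problem: 19556:error:14094414:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate revoked:s3_pkt.c:1275:SSL alert number 44:
May 23 12:40:29 aaa postfix/smtpd[19556]: lost connection after STARTTLS from a.b.c.d[1.2.3.4]
""".splitlines()

def find_peer_alerts(lines):
    """Return one record per TLS alert logged by smtpd, tied to the client by PID."""
    client_by_pid, findings = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        c = CONNECT.match(m["msg"])
        if c:
            client_by_pid[m["pid"]] = c["ip"]
            continue
        a = ALERT.search(m["msg"])
        if a:
            num = int(a["num"])
            findings.append({
                "client": client_by_pid.get(m["pid"], "unknown"),
                "alert": num,
                "name": TLS_ALERTS.get(num, "other"),
                "reason": a["reason"],
                # OpenSSL's read path reports alerts received from the peer.
                "sent_by_client": a["func"].endswith("READ_BYTES"),
            })
    return findings

if __name__ == "__main__":
    for finding in find_peer_alerts(SAMPLE):
        print(finding)
```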