Thunderbird 52.6.0 and SSLv3 Errors with IMAP

User Help for Mozilla Thunderbird
forrie
Posts: 303
Joined: February 12th, 2004, 11:19 am

Thunderbird 52.6.0 and SSLv3 Errors with IMAP

Post by forrie »

Since updating to the latest Thunderbird, none of my clients are able to interact with our Dovecot IMAP server. That is, I have 4 different installations of Thunderbird that were working just fine until the update. The logs show:
TLS handshaking: SSL_accept() failed: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
However, upon reading about some related issues, even disabling security.ssl3 doesn't work.

Our Dovecot server disables SSLv3, so that's not the issue. I'm stumped as to how to fix this problem with Thunderbird. All our other mail clients are working fine, I seem to be the only one here using TB.



Thanks,

Forrest
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Thunderbird 52.6.0 and SSLv3 Errors with IMAP

Post by tanstaafl »

Thunderbird uses TLS (or StartTLS), not SSL, despite parts of the user interface referring to SSL/TLS. This change was made due to the POODLE attack against SSLv3. The security.ssl3 settings for the ciphers used to affect both SSL and TLS; now they just affect TLS.

The default ciphers are typically the same in both Thunderbird and Firefox. I suggest you log into webmail for your Dovecot server using Firefox and see what cipher it's using. You should be able to get that by clicking on the padlock (or whatever icon is currently used, I don't have Firefox installed anymore) at the far left of the address bar.

https://www.ssllabs.com/ssltest/viewMyClient.html is useful. Compare the cipher suites it claims the web site is using with the security.ssl3 settings in Thunderbird to see if there is any overlap. I suspect the other email clients are using a weaker cipher that Thunderbird has dropped support for. https://zurgl.com/how-to-configure-tls- ... n-dovecot/ seems to imply that ssl_cipher_list in /etc/dovecot/conf.d/10-ssl.conf specifies the ciphers that the Dovecot server uses.

The last change in Thunderbird's ciphers that I remember was in version 38.0 where 512 bit DH keys were disabled due to being not secure enough. There might have been later changes, but none of the release notes for 52.* mention it.

https://wiki.mozilla.org/Security/Server_Side_TLS
forrie
Posts: 303
Joined: February 12th, 2004, 11:19 am

Re: Thunderbird 52.6.0 and SSLv3 Errors with IMAP

Post by forrie »

The configuration on our system says:

ssl_cipher_list = ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:-MEDIUM:-LOW:-SSLv2:-SSLv3:+TLSv1:+EXP:+eNULL

Looking at this, I would imagine it should just work -- but it is not. I know there were some changes internally due to a security audit, but no other mail clients are reporting this problem, just me, and that's with at least three Mac systems that have been previously working (no changes locally). I'm going to guess there may be a local TB setting I can tweak to fix this?
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Thunderbird 52.6.0 and SSLv3 Errors with IMAP

Post by tanstaafl »

That ssl_cipher setting seems to be stating that you include ciphers that use both RC4 and RSA, some 40-bit export ciphers (while excluding 56-bit export ciphers) plus some ciphers that do not support encryption. Thunderbird doesn't support those ciphers. There are security.ssl3.dhe_rsa_aes_128_sha, security.ssl3.rsa_aes_128_sha and security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 settings, for example, but none that use RC4.

Am I misunderstanding the syntax?

I understand what +HIGH means but it's not clear to me what pool of ciphers ssl_cipher was selecting from. A link to a screenshot of what https://www.ssllabs.com/ssltest/viewMyClient.html reports for your webmail would have avoided this confusion.

https://wiki.archlinux.org/index.php/Dovecot states:

Warning: If you plan on implementing SSL/TLS, please respond safely to POODLE and FREAK/Logjam by adding the following to your configuration in /etc/dovecot/conf.d/10-ssl.conf:

ssl_min_protocol = TLSv1
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
ssl_prefer_server_ciphers = yes


I don't know if that is good advice but I notice that it appears to block some of the ciphers that you are explicitly allowing.
forrie
Posts: 303
Joined: February 12th, 2004, 11:19 am

Re: Thunderbird 52.6.0 and SSLv3 Errors with IMAP

Post by forrie »

Tanstaafl, thank you; this solved the problem. Our sysadmin that made the previous changes included these and now Thunderbird works.
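The thread turns on how OpenSSL expands a keyword-based ssl_cipher_list string, which is not obvious from reading it. The following is an added example, not code from the thread, from Dovecot or from Mozilla: a small Python emulation of the OpenSSL cipher-string rules (plain token appends, "-" removes, "!" removes permanently, "+" moves matching suites to the end, "A+B" inside a token is an AND) run over a constructed table of suites with the attributes `openssl ciphers -v` would print for them on OpenSSL 1.0.x. The table, the keyword subset and the list of Thunderbird 52 suites (taken from the security.ssl3.* preference names, converted to OpenSSL spelling) are constructed and abridged for illustration, and the replacement string is shortened to the entries that exist in the table (the omitted ECDSA/DSS names would match nothing here). What the run shows: in the first string, -SSLv3 selects suites by the protocol that defined them, not by the version a connection negotiates, so it also strips the AES-CBC suites that TLS 1.0 and 1.1 depend on and leaves only TLS 1.2-only suites, while the replacement string names the CBC suites explicitly and so shares something with the client at any TLS version. The thread does not say which protocol version the failing handshakes reached, so this is an illustration of the syntax rather than a diagnosis of that server.

```python
"""Emulation of how OpenSSL expands a cipher-list string such as Dovecot's ssl_cipher_list."""
import re
from collections import namedtuple

# name, key exchange, authentication, encryption, MAC, defining protocol, strength class
Suite = namedtuple("Suite", "name kx au enc mac proto strength")

# Constructed subset of `openssl ciphers -v` output (OpenSSL 1.0.x attributes); illustrative only.
# proto "SSLv3" = suite defined for SSL 3.0 and usable on TLS 1.0-1.2; "TLSv1.2" = TLS 1.2 only.
TABLE = [
    Suite("ECDHE-RSA-AES128-GCM-SHA256", "ECDH", "RSA", "AESGCM", "AEAD", "TLSv1.2", "HIGH"),
    Suite("ECDHE-RSA-AES256-GCM-SHA384", "ECDH", "RSA", "AESGCM", "AEAD", "TLSv1.2", "HIGH"),
    Suite("DHE-RSA-AES128-GCM-SHA256", "DH", "RSA", "AESGCM", "AEAD", "TLSv1.2", "HIGH"),
    Suite("AES128-GCM-SHA256", "RSA", "RSA", "AESGCM", "AEAD", "TLSv1.2", "HIGH"),
    Suite("ECDHE-RSA-AES128-SHA", "ECDH", "RSA", "AES", "SHA1", "SSLv3", "HIGH"),
    Suite("DHE-RSA-AES128-SHA", "DH", "RSA", "AES", "SHA1", "SSLv3", "HIGH"),
    Suite("AES128-SHA", "RSA", "RSA", "AES", "SHA1", "SSLv3", "HIGH"),
    Suite("AES256-SHA", "RSA", "RSA", "AES", "SHA1", "SSLv3", "HIGH"),
    Suite("RC4-SHA", "RSA", "RSA", "RC4", "SHA1", "SSLv3", "MEDIUM"),
    Suite("RC4-MD5", "RSA", "RSA", "RC4", "MD5", "SSLv3", "MEDIUM"),
    Suite("ADH-AES128-SHA", "DH", "NONE", "AES", "SHA1", "SSLv3", "HIGH"),
    Suite("EXP-RC4-MD5", "RSA", "RSA", "RC4", "MD5", "SSLv3", "EXPORT40"),
    Suite("EXP-DES-CBC-SHA", "RSA", "RSA", "DES", "SHA1", "SSLv3", "EXPORT40"),
    Suite("EXP1024-DES-CBC-SHA", "RSA", "RSA", "DES", "SHA1", "SSLv3", "EXPORT56"),
    Suite("NULL-SHA", "RSA", "RSA", "NONE", "SHA1", "SSLv3", "NONE"),
    Suite("NULL-MD5", "RSA", "RSA", "NONE", "MD5", "SSLv3", "NONE"),
]

# Keyword predicates: the subset of OpenSSL cipher-list keywords that the two strings below use.
KEYWORDS = {
    "ALL": lambda s: s.enc != "NONE",            # everything except the eNULL suites
    "HIGH": lambda s: s.strength == "HIGH",
    "MEDIUM": lambda s: s.strength == "MEDIUM",
    "LOW": lambda s: s.strength == "LOW",
    "EXP": lambda s: s.strength.startswith("EXPORT"),
    "EXPORT": lambda s: s.strength.startswith("EXPORT"),
    "EXPORT40": lambda s: s.strength == "EXPORT40",
    "EXPORT56": lambda s: s.strength == "EXPORT56",
    "eNULL": lambda s: s.enc == "NONE",
    "aNULL": lambda s: s.au == "NONE",
    "ADH": lambda s: s.kx == "DH" and s.au == "NONE",
    "aECDH": lambda s: s.au == "ECDH",
    "RSA": lambda s: s.kx == "RSA" or s.au == "RSA",
    "kEDH": lambda s: s.kx == "DH",
    "AES": lambda s: s.enc in ("AES", "AESGCM"),
    "AESGCM": lambda s: s.enc == "AESGCM",
    "CAMELLIA": lambda s: s.enc == "CAMELLIA",
    "RC4": lambda s: s.enc == "RC4",
    "DES": lambda s: s.enc == "DES",
    "MD5": lambda s: s.mac == "MD5",
    "PSK": lambda s: False,
    "SSLv2": lambda s: False,
    "SSLv3": lambda s: s.proto == "SSLv3",
    "TLSv1": lambda s: s.proto == "SSLv3",       # OpenSSL 1.0.x treats TLSv1 as an alias of SSLv3
    "TLSv1.2": lambda s: s.proto == "TLSv1.2",
}

def matches(suite, word):
    """A word is either an exact suite name or a keyword; anything unknown matches nothing."""
    if word == suite.name:
        return True
    pred = KEYWORDS.get(word)
    return bool(pred and pred(suite))

def evaluate(cipher_string, table=TABLE):
    """Enabled suites, in preference order, after applying each token left to right.
    No modifier = append if absent, '-' = drop (can be re-added), '!' = drop permanently,
    '+' = move matching suites to the end; 'A+B' inside a token requires both A and B."""
    active, dead = [], set()
    for tok in re.split(r"[:, ]+", cipher_string.strip()):
        if not tok or tok.startswith("@"):      # @STRENGTH / @SECLEVEL directives are not modelled
            continue
        mod, body = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        hits = [s.name for s in table if all(matches(s, w) for w in body.split("+"))]
        if mod == "!":
            dead.update(hits)
            active = [n for n in active if n not in dead]
        elif mod == "-":
            active = [n for n in active if n not in hits]
        elif mod == "+":
            active = [n for n in active if n not in hits] + [n for n in active if n in hits]
        else:
            active += [n for n in hits if n not in active and n not in dead]
    return active

def shared(server_string, client_suites, version, table=TABLE):
    """Suites both sides could use on a connection that negotiated `version`, in server order.
    TLS 1.2-only suites are unusable when the handshake lands on TLS 1.0 or 1.1."""
    proto = {s.name: s.proto for s in table}
    common = [n for n in evaluate(server_string, table) if n in client_suites]
    if version != "TLSv1.2":
        common = [n for n in common if proto[n] == "SSLv3"]
    return common

OLD = "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:-MEDIUM:-LOW:-SSLv2:-SSLv3:+TLSv1:+EXP:+eNULL"
# Replacement string abridged to names present in TABLE; unknown names are ignored anyway.
NEW = ("ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:"
       "kEDH+AESGCM:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA:"
       "AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH")
# Constructed subset of Thunderbird 52's security.ssl3.* defaults, written as OpenSSL names.
TB52 = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "DHE-RSA-AES128-SHA",
        "AES128-SHA", "AES256-SHA"]

if __name__ == "__main__":
    for label, s in (("old", OLD), ("new", NEW)):
        print(label, "server list:", evaluate(s))
        for v in ("TLSv1", "TLSv1.2"):
            print(f"  shared with TB52 at {v}:", shared(s, TB52, v))
```

On a real server the authoritative check is `openssl ciphers -v '<ssl_cipher_list value>'` run with the same OpenSSL that Dovecot links against, since the keyword groupings (which suites count as HIGH, what SSLv3 selects, which export suites exist) depend on the library version; the emulation above only fixes those groupings for one small constructed table.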