Attention: Thunderbird 52 and Kolab 16

Franz Skale i.bin at dah.am
Thu May 11 19:16:58 CEST 2017 

Thanks,
it works now !
Nevertheless, without guam it works w/o tweaking the extended conf.
Log:
2017-05-11 18:53:23.881 [error] <0.84.0> Supervisor tls_connection_sup 
had child undefined started with {tls_connection,start_link,undefined} 
at <0.160.0> exit with reason no function clause matching 
ssl_cipher:hash_algorithm(8) line 1196 in context child_terminated
2017-05-11 18:53:23.881 [error] <0.100.0> gen_server <0.100.0> 
terminated with reason: 
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...}
2017-05-11 18:53:23.881 [error] <0.100.0> CRASH REPORT Process <0.100.0> 
with 0 neighbours exited with reason: 
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...} 
in gen_server:terminate/6 line 737
2017-05-11 18:53:23.882 [error] <0.90.0> Supervisor 
{<0.90.0>,kolab_guam_listener} had child session started with 
{kolab_guam_session,start_link,undefined} at <0.100.0> exit with reason 
{{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...} 
in context child_terminated
2017-05-11 18:53:24.099 [error] <0.164.0> gen_fsm <0.164.0> in state 
hello terminated with reason: no function clause matching 
ssl_cipher:hash_algorithm(8) line 1196
2017-05-11 18:53:24.099 [error] <0.164.0> CRASH REPORT Process <0.164.0> 
with 0 neighbours exited with reason: no function clause matching 
ssl_cipher:hash_algorithm(8) line 1196 in gen_fsm:terminate/7 line 611

Perhaps the lowlevel erlang ssl lib is buggy ? kolab_guam bug ?
i easly can connect using:
openssl s_client -connect mailisserver:143 -starttls imap (TLSv1.2 with 
cipher ECDHE-RSA-AES256-SHA384 (256/256 bits reused)
and doing:
. login username at domain.com [password]

Rgds.

Franz


Am 11.05.17 um 11:50 schrieb Franz Skale:
> Hi,
>
> For thunderbird 52.1.0 the proposed solution doesn't work at all using 
> kolab 16 on debian 8.x.
>
> Debugging the problem it seems that the auth command will not be 
> passed to cyrus. (no authenticiation).
>
> I disabled the guam service and reconfigured cyrus-imapd.
>
> Now tls 1.2 works as expected.
>
>
> Rgds.
>
> Franz
>
> Zitat von Daniel Hoffend <dh at dotlan.net>:
>
>> With Thunderbird 52 the minimal required TLS version is 1.2. But somehow
>> guam has problems to work with TLS 1.2. I haven't had time to take a
>> closer look.
>>
>> To fix this issue you've to change the internal configuration 
>> variable within
>> thunderbird to lower the minimum required TLS Version to 1.1
>>
>> 1) Go to: Thunderbird Preferences > Advanced > Config Editor
>>
>> 2) Search for: security.tls.version.min
>>
>> 3) Replace Value for security.tls.version.min with 1 (tls 1.0) or 2 
>> (tls 1.1)
>>
>> For more Information look at this mozilla article:
>> http://kb.mozillazine.org/Security.tls.version.*
>>
>>
>> -- 
>> Regards
>> Daniel Hoffend
>>
>>
>> On 2017-04-22 13:06, Mihai Badici wrote:
>>> On Saturday 22 April 2017 16:06:34 Stefan Froehlich wrote:
>>> > I can confirm this issue. This only happens if you set connection
>>> > security to STARTTLS or SSL/TLS. Setting this to None works.
>>> >
>>> >
>>> > MfG Stefan Froehlich
>>> >
>>> > 42 ;-)
>>> >
>>>
>>>
>>>
>>>
>>>
>>> Could be because of use of SSL3.0 or something like this?
>>> I have an older kolab in place and as i see thunderbird connect  
>>> without any
>>> problem.
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
>>
>
>
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users

More information about the users mailing list