Attention: Thunderbird 52 and Kolab 16

Franz Skale i.bin at dah.am
Fri May 12 07:30:57 CEST 2017


Hi Daniel,

today i installed a new client using a clean thunderbird 52.1.0 version.

Your proposed solution didn't work, so i tweaked and tested and came to 
the solution using the following settings:

security.tls.version.min = 1

security.tls.version.max = 2

(May 12 07:27:22 mailis cyrus-imapd/imaps[13777]: starttls: TLSv1.2 with 
cipher ECDHE-RSA-AES256-SHA384 (256/256 bits reused))

Otherwise, no connection was possible.

Rgds.

Franz


Am 11.05.17 um 19:16 schrieb Franz Skale:
> Thanks,
> it works now !
> Nevertheless, without guam it works w/o tweaking the extended conf.
> Log:
> 2017-05-11 18:53:23.881 [error] <0.84.0> Supervisor tls_connection_sup 
> had child undefined started with {tls_connection,start_link,undefined} 
> at <0.160.0> exit with reason no function clause matching 
> ssl_cipher:hash_algorithm(8) line 1196 in context child_terminated
> 2017-05-11 18:53:23.881 [error] <0.100.0> gen_server <0.100.0> 
> terminated with reason: 
> {{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...}
> 2017-05-11 18:53:23.881 [error] <0.100.0> CRASH REPORT Process 
> <0.100.0> with 0 neighbours exited with reason: 
> {{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...} 
> in gen_server:terminate/6 line 737
> 2017-05-11 18:53:23.882 [error] <0.90.0> Supervisor 
> {<0.90.0>,kolab_guam_listener} had child session started with 
> {kolab_guam_session,start_link,undefined} at <0.100.0> exit with 
> reason 
> {{function_clause,[{ssl_cipher,hash_algorithm,"\b",[{file,"ssl_cipher.erl"},{line,1196}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1706}]},{ssl_handshake,'-dec_hello_extensions/2-lc$^0/1-1-',1,[{file,"ssl_handshake.erl"},{line,1707}]},{ssl_handshake,dec_hello_extensions,2,[{file,"ssl_handshake.erl"},{line,1706}]},{tls_handshake,decode_handshake,3,[{file,"tls_handshake.erl"},{line,184}]},{tls_handshake,get_tls_handshake_aux,3,[{file,"tls_handsha..."},...]},...]},...} 
> in context child_terminated
> 2017-05-11 18:53:24.099 [error] <0.164.0> gen_fsm <0.164.0> in state 
> hello terminated with reason: no function clause matching 
> ssl_cipher:hash_algorithm(8) line 1196
> 2017-05-11 18:53:24.099 [error] <0.164.0> CRASH REPORT Process 
> <0.164.0> with 0 neighbours exited with reason: no function clause 
> matching ssl_cipher:hash_algorithm(8) line 1196 in gen_fsm:terminate/7 
> line 611
>
> Perhaps the lowlevel erlang ssl lib is buggy ? kolab_guam bug ?
> i easly can connect using:
> openssl s_client -connect mailisserver:143 -starttls imap (TLSv1.2 
> with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits reused)
> and doing:
> . login username at domain.com [password]
>
> Rgds.
>
> Franz
>
>
> Am 11.05.17 um 11:50 schrieb Franz Skale:
>> Hi,
>>
>> For thunderbird 52.1.0 the proposed solution doesn't work at all 
>> using kolab 16 on debian 8.x.
>>
>> Debugging the problem it seems that the auth command will not be 
>> passed to cyrus. (no authenticiation).
>>
>> I disabled the guam service and reconfigured cyrus-imapd.
>>
>> Now tls 1.2 works as expected.
>>
>>
>> Rgds.
>>
>> Franz
>>
>> Zitat von Daniel Hoffend <dh at dotlan.net>:
>>
>>> With Thunderbird 52 the minimal required TLS version is 1.2. But 
>>> somehow
>>> guam has problems to work with TLS 1.2. I haven't had time to take a
>>> closer look.
>>>
>>> To fix this issue you've to change the internal configuration 
>>> variable within
>>> thunderbird to lower the minimum required TLS Version to 1.1
>>>
>>> 1) Go to: Thunderbird Preferences > Advanced > Config Editor
>>>
>>> 2) Search for: security.tls.version.min
>>>
>>> 3) Replace Value for security.tls.version.min with 1 (tls 1.0) or 2 
>>> (tls 1.1)
>>>
>>> For more Information look at this mozilla article:
>>> http://kb.mozillazine.org/Security.tls.version.*
>>>
>>>
>>> -- 
>>> Regards
>>> Daniel Hoffend
>>>
>>>
>>> On 2017-04-22 13:06, Mihai Badici wrote:
>>>> On Saturday 22 April 2017 16:06:34 Stefan Froehlich wrote:
>>>> > I can confirm this issue. This only happens if you set connection
>>>> > security to STARTTLS or SSL/TLS. Setting this to None works.
>>>> >
>>>> >
>>>> > MfG Stefan Froehlich
>>>> >
>>>> > 42 ;-)
>>>> >
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> Could be because of use of SSL3.0 or something like this?
>>>> I have an older kolab in place and as i see thunderbird connect  
>>>> without any
>>>> problem.
>>>> _______________________________________________
>>>> users mailing list
>>>> users at lists.kolab.org
>>>> https://lists.kolab.org/mailman/listinfo/users
>>> _______________________________________________
>>> users mailing list
>>> users at lists.kolab.org
>>> https://lists.kolab.org/mailman/listinfo/users
>>>
>>
>>
>> _______________________________________________
>> users mailing list
>> users at lists.kolab.org
>> https://lists.kolab.org/mailman/listinfo/users
> _______________________________________________
> users mailing list
> users at lists.kolab.org
> https://lists.kolab.org/mailman/listinfo/users


More information about the users mailing list