Friday, 5 December 2014

Mozilla Thunderbird and SSL v3

In case it helps, I needed to make Thunderbird LESS secure in order to access a Newsgroup server that was offering up SSL v3.

This was what I saw in TB's Error Console: -

Timestamp: 05/12/2014 13:12:40
Error: An error occurred during a connection to

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)

and this is what led me to the solution: -

openssl s_client -connect -status

New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : SSLv3


In other words, the site is using SSL v3 and, I guessed, Thunderbird 31.3.0 no longer supported it out-of-the-box, thanks to POODLE.

This page from Novell: -

showed me how to DISABLE support for v3 in Thunderbird: -

Firefox and Thunderbird

In older Firefox Browsers (before 23), there was a menu entry to disable SSLv3 (Preferences-Advanced-Encryption).

For more recent Firefox versions you need to use the detailed configuration. Go to "about:config", search for "security.tls.version.min" and change the value to "1" at least.
The default is "0", see:
The same steps are needed for Thunderbird.

so I merely had to reverse their good advice.

A quick restart of Thunderbird, and it was all up-and-running.


No comments:

Grokking grep

A colleague was tinkering with grep  and, thanks to him, I discovered a bit more about the trusty little utility. I had not really explored ...