Friday, 5 December 2014

Mozilla Thunderbird and SSL v3


In case it helps, I needed to make Thunderbird LESS secure in order to access a Newsgroup server that was offering up SSL v3.

This was what I saw in TB's Error Console: -

Timestamp: 05/12/2014 13:12:40
Error: An error occurred during a connection to newsgroup.foobar.com:563.

Cannot communicate securely with peer: no common encryption algorithm(s).

(Error code: ssl_error_no_cypher_overlap)


and this is what led me to the solution: -

openssl s_client -connect newsgroup.foobar.com:563 -status

...
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3

...

In other words, the site is using SSL v3 and, I guessed, Thunderbird 31.3.0 no longer supported it out-of-the-box, thanks to POODLE.

This page from Novell: -


showed me how to DISABLE support for v3 in Thunderbird: -

...
Firefox and Thunderbird

In older Firefox Browsers (before 23), there was a menu entry to disable SSLv3 (Preferences-Advanced-Encryption).

For more recent Firefox versions you need to use the detailed configuration. Go to "about:config", search for "security.tls.version.min" and change the value to "1" at least.
The default is "0", see:
http://kb.mozillazine.org/Security.tls.version.*
The same steps are needed for Thunderbird.
....

so I merely had to reverse their good advice.




A quick restart of Thunderbird, and it was all up-and-running.

Shiny.
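To find profiles where this workaround is still in place, the check below ties the two pieces of evidence in this post together: the protocol reported by openssl s_client and the security.tls.version.min value in a profile's prefs.js. It is an added example, not part of the original post. The function names, the sample prefs.js text and the fallback of 1 when the pref is absent (a build that ships with SSL v3 off, as inferred above for Thunderbird 31.3.0) are assumptions.

```python
import re

# security.tls.version.min values used by Firefox and Thunderbird
PREF_LEVELS = {0: "SSLv3", 1: "TLSv1", 2: "TLSv1.1", 3: "TLSv1.2", 4: "TLSv1.3"}
RANK = {name: level for level, name in PREF_LEVELS.items()}

# Lines taken from the s_client output quoted in the post
S_CLIENT = """New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 2048 bit
SSL-Session:
    Protocol  : SSLv3
"""
# Constructed sample: prefs.js after the minimum was lowered in the config editor
PREFS_LOWERED = '// constructed prefs.js\nuser_pref("security.tls.version.min", 0);\n'

def negotiated(s_client_output):
    """Return (protocol, cipher) as reported by `openssl s_client`."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", s_client_output, re.M)
    cipher = re.search(r"Cipher is (\S+)", s_client_output)
    return (proto.group(1) if proto else None,
            cipher.group(1) if cipher else None)

def tls_min_pref(prefs_text, default=1):
    """Return security.tls.version.min from prefs.js text; the last entry wins.
    `default` is an assumption: the application default when the pref is unset."""
    pattern = r'^\s*user_pref\(\s*"security\.tls\.version\.min"\s*,\s*(\d+)\s*\)\s*;'
    hits = re.findall(pattern, prefs_text, re.M)
    return int(hits[-1]) if hits else default

def diagnose(s_client_output, prefs_text):
    """Explain a handshake failure and flag a profile that still allows SSLv3."""
    proto, _cipher = negotiated(s_client_output)
    floor = tls_min_pref(prefs_text)
    findings = []
    if proto in RANK and RANK[proto] < floor:
        findings.append(f"server negotiated {proto}, below client minimum "
                        f"{PREF_LEVELS[floor]}: handshake will fail")
    if floor == 0:
        findings.append("security.tls.version.min = 0: profile accepts SSLv3 (POODLE)")
    return findings

if __name__ == "__main__":
    for label, prefs in (("default profile", ""), ("lowered profile", PREFS_LOWERED)):
        print(label, "->", diagnose(S_CLIENT, prefs))
```

Once the server offers TLS 1.0 or later, setting security.tls.version.min back to 1 or higher clears the second finding.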
