Windows 10 will reach EOS (end of support) on October 14, 2025. For more information, see this article.

Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

New thunderbird 38.1.0 do ssl_error_weak_server_cert_key

  • 4 replies
  • 12 have this problem
  • 10 views
  • Last reply by ilmes

ilmes
ilmes
more options

New thunderbird 38.1.0 go in ssl_error_weak_server_cert_key when try to connect to a imap server that use a self made ssl certificate and do not see in the local certificate to see if the certificate is signed as Trust.

In the net i see this : https://fossies.org/diffs/thunderbird/38.0.1.source_vs_38.1.0.source/mozilla/security/nss/lib/ssl/sslerr.h-diff.html

Please help me.

Ettore

New thunderbird 38.1.0 go in ssl_error_weak_server_cert_key when try to connect to a imap server that use a self made ssl certificate and do not see in the local certificate to see if the certificate is signed as Trust. In the net i see this : https://fossies.org/diffs/thunderbird/38.0.1.source_vs_38.1.0.source/mozilla/security/nss/lib/ssl/sslerr.h-diff.html Please help me. Ettore

Chosen solution

Mozilla product no longer accept 512 bit keys. Generate a certific ate with 2048bit.

See http://thunderbirdtweaks.blogspot.com.au/2015/07/logjam-and-thunderbird.html

Read this answer in context 👍 0

All Replies (4)

christ1
christ1
  • Top 25 Contributor
more options

Is this a 1024-bit SSL certificate issued after December 31, 2013? Those certificates are no longer trusted. See https://developer.mozilla.org/en-US/Firefox/Releases/38/Site_Compatibility#Security

ilmes
ilmes Question owner
more options

This is our certificate:

Certificate: 

   Data:
       Version: 3 (0x2)
       Serial Number:
           91:5a:69:68:ad:82:e2:2b
   Signature Algorithm: sha1WithRSAEncryption
       Issuer: C=IT, ST=MILAN, L=BUSSERO, O=H.T. Stone S.r.l., OU=SedeCentraleHTStone, CN=H.T.Stone Certificato di 30 anni (2044)/emailAddress=amministrazione@htstone.it
       Validity
           Not Before: May 26 12:43:15 2014 GMT
           Not After : Jul  7 12:43:15 2044 GMT
       Subject: C=IT, ST=MILAN, L=BUSSERO, O=H.T. Stone S.r.l., OU=SedeCentraleHTStone, CN=H.T.Stone Certificato di 30 anni (2044)/emailAddress=amministrazione@htstone.it
       Subject Public Key Info:
           Public Key Algorithm: rsaEncryption
               Public-Key: (512 bit)
               Modulus:
                   00:a3:7e:ae:43:62:6b:63:8e:54:ba:a6:5c:d8:bc:
                   69:41:53:23:f0:a7:a4:57:f1:e3:34:d7:00:2d:ec:
                   fa:75:e6:8d:e0:97:a7:d0:28:87:e8:2e:07:ae:cd:
                   2b:45:25:84:ff:79:bc:19:a0:2b:78:8e:6a:3a:cf:
                   eb:75:c2:b1:15
               Exponent: 65537 (0x10001)
       X509v3 extensions:
           X509v3 Subject Key Identifier: 
               12:17:13:2E:02:7F:E5:71:CB:E2:B8:51:0E:C9:16:E4:50:39:C6:8F
           X509v3 Authority Key Identifier: 
               keyid:12:17:13:2E:02:7F:E5:71:CB:E2:B8:51:0E:C9:16:E4:50:39:C6:8F

           X509v3 Basic Constraints: 
               CA:TRUE
   Signature Algorithm: sha1WithRSAEncryption
        81:88:3a:fc:9d:21:e4:e5:30:fe:4d:71:a6:16:74:49:3c:9e:
        25:17:a5:9e:35:d2:19:7c:bb:98:1c:f1:4b:69:c1:ab:3c:82:
        04:bc:c3:67:ef:fa:af:ee:e0:37:1e:86:5f:59:46:4e:b9:25:
        ea:7b:26:b9:cc:9b:7a:c0:c2:ca
BEGIN CERTIFICATE-----

MIIC1zCCAoGgAwIBAgIJAJFaaWitguIrMA0GCSqGSIb3DQEBBQUAMIHGMQswCQYD VQQGEwJJVDEOMAwGA1UECAwFTUlMQU4xEDAOBgNVBAcMB0JVU1NFUk8xGjAYBgNV BAoMEUguVC4gU3RvbmUgUy5yLmwuMRwwGgYDVQQLDBNTZWRlQ2VudHJhbGVIVFN0 b25lMTAwLgYDVQQDDCdILlQuU3RvbmUgQ2VydGlmaWNhdG8gZGkgMzAgYW5uaSAo MjA0NCkxKTAnBgkqhkiG9w0BCQEWGmFtbWluaXN0cmF6aW9uZUBodHN0b25lLml0 MB4XDTE0MDUyNjEyNDMxNVoXDTQ0MDcwNzEyNDMxNVowgcYxCzAJBgNVBAYTAklU MQ4wDAYDVQQIDAVNSUxBTjEQMA4GA1UEBwwHQlVTU0VSTzEaMBgGA1UECgwRSC5U LiBTdG9uZSBTLnIubC4xHDAaBgNVBAsME1NlZGVDZW50cmFsZUhUU3RvbmUxMDAu BgNVBAMMJ0guVC5TdG9uZSBDZXJ0aWZpY2F0byBkaSAzMCBhbm5pICgyMDQ0KTEp MCcGCSqGSIb3DQEJARYaYW1taW5pc3RyYXppb25lQGh0c3RvbmUuaXQwXDANBgkq hkiG9w0BAQEFAANLADBIAkEAo36uQ2JrY45UuqZc2LxpQVMj8KekV/HjNNcALez6 deaN4Jen0CiH6C4Hrs0rRSWE/3m8GaAreI5qOs/rdcKxFQIDAQABo1AwTjAdBgNV HQ4EFgQUEhcTLgJ/5XHL4rhRDskW5FA5xo8wHwYDVR0jBBgwFoAUEhcTLgJ/5XHL 4rhRDskW5FA5xo8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAIGIOvyd IeTlMP5NcaYWdEk8niUXpZ410hl8u5gc8Utpwas8ggS8w2fv+q/u4Dcehl9ZRk65 Jep7JrnMm3rAwso=

END CERTIFICATE-----
Matt
Matt
  • Top 10 Contributor
  • Moderator
more options

Chosen Solution

Mozilla product no longer accept 512 bit keys. Generate a certific ate with 2048bit.

See http://thunderbirdtweaks.blogspot.com.au/2015/07/logjam-and-thunderbird.html

ilmes
ilmes Question owner
more options

I created a new self-made Certificate with a key of 2048 bit, and i put it in my hMailServer IMAP protocol configuration. It works. Problem solved. Thanks

Ettore