Thunderbird disconnect before TLS auth to IMAP
I have a laptop running Thunderbird 38.2.0 on Windows 10. I have an identical, as far as I can tell, setup on a stationary machine on the same local network. The laptop always fails connection because it chooses to end it. An abbreviated capture from Wireshark goes like this:
laptop -> SYN server
laptop SYN, ACK <- server
laptop -> ACK server
laptop ACK, PUSH <- server
Line: * OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] imap.fahller.se Cyrus IMAP v2.4.17 server ready\r\n
laptop -> ACK, PUSH server Line: 1 STARTTLS\r\n
laptop ACK <- server
laptop ACK, PUSH <- server Line: 1 OK Begin TLS negotiation now\r\n
laptop -> ACK, FIN server # Here the working stationary does authenticate, but the laptop ends the session instead
laptop ACK, PUSH <- server Line: 1 NO Starttls negotiation failed\r\n
laptop ACK, FIN <- server
laptop -> ACK, RST -> server
I am at my wits' end with this. I have no clue as to how to continue or even where the error may be. Windows is not my OS of choice, so I'm a bit lost regarding its configurations.
Attached is the capture.
Chosen Solution
Well, for whatever it is worth it is working now.
Since the laptop was very new and rarely used at all, there was little loss in reverting the entire Windows 10 installation and reinstalling the lost programs. Thunderbird worked on first attempt.
Whatever the problem was will not be found out, I guess.
Thanks for your attention and good questions.
All Replies (11)
Is there anything suspicious in the error console? Tools (Alt-T) - Error Console
Nothing suspicious or very helpful. I have to partially translate the message, since the Thunderbird installation is Swedish, but the only message goes like this:
"An error occurred during connection to imap.fahller.se:143.
The other part received a valid certificate, but access was denied.
(Error code: ssl_error_access_denied_alert)"
This is the only error indication at all, by the way. The UI does not give any indication that anything goes wrong, it's just that nothing happens.
Can you post the Troubleshooting Information from both, the working Desktop Thunderbird, and the one with the problem on the laptop?
Just copy the 'Mail and News Accounts' section and paste it into your reply.
Help (Alt-H) - Troubleshooting Information
BTW, the message in the error console is actually a bit misleading. No certificate has been transferred in either direction, as is shown by the Wireshark capture.
Again, it's a Swedish installation, but I guess you can get the info anyway.
I am currently travelling, so I can't access the functioning stationary machine, so the below is from the laptop that doesn't work.
Programfakta
Namn: Thunderbird
Version: 38.2.0
Användaragent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
Profilmapp: Öppna mapp (Lokal disk)
Programmets bygg-ID: 20150813074416
Aktiva insticksmoduler: about:plugins
Byggkonfiguration: about:buildconfig
Minnesanvändning: about:memory
E-post och diskussionsgruppskonton
account1:
Inkommande server: Namn (imap) imap.fahller.se:143, Anslutningssäkerhet alwaysSTARTTLS, Autentiseringsmetod passwordEncrypted
Utgående servrar: Namn smtp.fahller.se:465, Anslutningssäkerhet SSL, Autentiseringsmetod passwordEncrypted, Standard? true
account2:
Inkommande server: Namn (none) Local Folders, Anslutningssäkerhet plain, Autentiseringsmetod passwordCleartext
I have tried both STARTTLS on port 143 and SSL/TLS on port 993, but the result is the same.
What are the settings required by your email provider? Are you certain 'passwordEncrypted' is correct? What do you see in the error console when using port 993 SSL/TLS?
Yes, I am certain that passwordEncrypted is correct. It's what I use on several different clients on several different machines.
The IMAP server accepts GSSAPI, CRAM-MD5 and DIGEST-MD5.
The linux laptop I'm typing on right now has the below (using SSL/TLS):
Application Basics
Name: Thunderbird
Version: 38.2.0
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.2.0
Profile Directory: Open Directory (Unknown location)
Application Build ID: 20150818212443
Enabled Plugins: about:plugins
Build Configuration: about:buildconfig
Memory Use: about:memory
Mail and News Accounts
account1:
INCOMING: account1, , (imap) imap.fahller.se:993, SSL, passwordEncrypted
OUTGOING: smtp.fahller.se:465, SSL, passwordEncrypted, true
account2:
INCOMING: account2, , (none) Local Folders, plain, passwordCleartext
christ1 said
What do you see in the error console when using port 993 SSL/TLS?
Using SSL/TLS I get the exact same message in the error console.
Testing your server with openssl using port 143 and STARTTLS appears to work.
> openssl s_client -connect imap.fahller.se:143 -starttls imap
Port 993 SSL/TLS does not.
Error code: ssl_error_access_denied_alert
openssl negotiates a TLS 1.2 session:
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Can you also post the 'Important Modified Preferences' from the Troubleshooting Information?
Have you checked the server log by any chance?
There are intermittent authorization problems with the server, but the problems with this Windows laptop are of another kind, since it never even attempts to authenticate, it cuts the connection before trying.
The attempted connection from this laptop, and only from it, always ends with:
laptop -> server 1 Request STARTTLS
server -> laptop 1 OK Begin TLS negotiation now
laptop -> server <FIN>
laptop -> server <SYN>
server -> laptop 1 NO Starttls negotiation failed
laptop -> server <RST>
From all other machines, the <FIN> message does instead initiate the TLS negotiation.
The server logs do not provide any useful information simply because the laptop ended the communication before anything of interest has happened.
The 'important modified preferences' do not seem to say much interesting either, but here they are nonetheless.
Viktiga ändrade inställningar
Namn Värde
browser.cache.disk.capacity 358400
browser.cache.disk.smart_size_cached_value 358400
browser.cache.disk.smart_size.first_run false
browser.cache.disk.smart_size.use_old_max false
extensions.lastAppVersion 38.2.0
font.name.monospace.el Consolas
font.name.monospace.x-cyrillic Consolas
font.name.monospace.x-unicode Consolas
font.name.monospace.x-western Consolas
font.name.sans-serif.el Calibri
font.name.sans-serif.x-cyrillic Calibri
font.name.sans-serif.x-unicode Calibri
font.name.sans-serif.x-western Calibri
font.name.serif.el Cambria
font.name.serif.x-cyrillic Cambria
font.name.serif.x-unicode Cambria
font.name.serif.x-western Cambria
font.size.fixed.el 14
font.size.fixed.x-cyrillic 14
font.size.fixed.x-unicode 14
font.size.fixed.x-western 14
font.size.variable.el 17
font.size.variable.x-cyrillic 17
font.size.variable.x-unicode 17
font.size.variable.x-western 17
mail.openMessageBehavior.version 1
mail.winsearch.firstRunDone true
mailnews.database.global.datastore.id 09966ae8-5623-42fa-886f-d7121779e91
network.cookie.prefsMigrated true
network.predictor.cleaned-up true
places.database.lastMaintenance 1443555979
places.history.expiration.transient_current_max_pages 104858
plugin.importedState true
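Added example, not part of the original thread: a small Python triage helper that reads an IMAP STARTTLS exchange like the captures quoted above and reports whether the client closed before sending any TLS record or actually began a handshake. The greeting is copied from the capture; the event lists, the function names and the ClientHello prefix bytes are constructed for illustration.

```python
import re

# Greeting copied from the capture in the thread; event lists are constructed.
GREETING = (b"* OK [CAPABILITY IMAP4rev1 LITERAL+ ID ENABLE STARTTLS LOGINDISABLED "
            b"AUTH=GSSAPI AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] "
            b"imap.fahller.se Cyrus IMAP v2.4.17 server ready\r\n")
STEPS = [("S", GREETING), ("C", b"1 STARTTLS\r\n"),
         ("S", b"1 OK Begin TLS negotiation now\r\n")]
FAILING = STEPS + [("C", "FIN"), ("S", b"1 NO Starttls negotiation failed\r\n")]
WORKING = STEPS + [("C", b"\x16\x03\x01\x02\x00\x01")]  # constructed record prefix

def parse_capabilities(greeting: bytes) -> dict:
    """Extract the pre-TLS capability list from an IMAP greeting."""
    m = re.search(rb"\[CAPABILITY ([^\]]*)\]", greeting)
    caps = m.group(1).decode("ascii").split() if m else []
    return {"starttls": "STARTTLS" in caps,
            "logindisabled": "LOGINDISABLED" in caps,
            "sasl": [c[5:] for c in caps if c.startswith("AUTH=")]}

def classify(events) -> str:
    """events: ordered (sender, data) pairs, first one the server greeting.
    sender is 'C' or 'S'; data is payload bytes or the string 'FIN'.
    Returns the point at which the STARTTLS upgrade stopped."""
    if not events or not parse_capabilities(events[0][1])["starttls"]:
        return "starttls-not-offered"
    tag, accepted = None, False
    for sender, data in events[1:]:
        if sender == "C" and not accepted:
            if data == "FIN":
                return "client-closed-before-server-ok"
            m = re.match(rb"(\S+) STARTTLS\r\n", data, re.I)
            if m:
                tag = m.group(1)
        elif sender == "S" and tag and not accepted:
            if data != "FIN" and data.startswith(tag + b" OK"):
                accepted = True
        elif sender == "C" and accepted:
            if data == "FIN":
                return "client-closed-before-clienthello"
            # TLS record header: content type 0x16 (handshake), major version 3
            if data[:2] == b"\x16\x03":
                return "tls-handshake-started"
            return "plaintext-after-starttls"
    return "incomplete"

if __name__ == "__main__":
    print(parse_capabilities(GREETING))
    print("laptop:", classify(FAILING), "| other machines:", classify(WORKING))
```

A result of client-closed-before-clienthello means no certificate or cipher negotiation took place, so the server log and certificate chain cannot explain the failure and the investigation belongs on the client host.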