Error sending and receiving encrypted IMAP/SMTP. Only works 2nd try. Cipher Suite
Hi, Im using Thunderbird to access 4 e-mail accounts hosted on siteground.com All accounts SSL/TLS for IMAP and SMTP (ports 993 and 465). Thunderbird 38.2.0 portable on windows 7.
Getting or sending mails NEVER works the first time after starting the software. It always fails but then works the 2nd time.
I have the same accounts/settings on other clients (PC and mobile) and this does not happen. I also remember this did not happen before (so maybe caused by some upgrade can't say which one).
Looking deeper (wireshark) I found that when negotiating thunderbird first tries a small number of Cipher Suites which do not include Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005).
Only on the 2nd try thunderbird tries a bigger number of cipher suites which include TLS_RSA_WITH_RC4_128_SHA (0x0005) that siteground is probably using.
Capture files and error snapshot can be found in: https://www.sugarsync.com/pf/D7635330_93903398_6849179
So, can this behaviour be changed? Can I make thunderbird send all cipher suites from the first try?? This problem is resulting in many lost sent mails.
Thanks
Mario
Svi odgovori (5)
Do you see anything in the error console? Tools (Alt-T) - Error Console
Hi, I only get the attached. for IMAP port. I dont get anything for SMTP but it always fails 1st attempt.
My understanding of the SSL/TLS handshake is that the client makes a proposal, and then the server picks the cipher suite with the best match. After all the server decides which cipher suite is choosen. If there is no overlap, no connection will be established. That appears to be the case here. Why it works in the second attempt, I have no idea.
There certainly have been changes between TB 31 and TB38. May be this is giving a clue: Web Console now warns sites using SSL3 and RC4
https://developer.mozilla.org/en-US/Firefox/Releases/37/Site_Compatibility#Security
In any case, the problem is the server, which appears to support only a RC4 cipher, and RC4 is considered insecure. So your email provider should fix the server config ASAP.
Note that SSLv3 support has been removed in Firefox 40, so it's just a matter of time until this will be removed in Thunderbird as well.
Hi, This definitely seems to be the issue. Did some additional testing with previous thunderbird and other clients and the fact that thunderbird does not offer RC4 on first attempt after initializing the software gives an error.
The provider has been informed.
However, I believe Thunderbird should handle this error better and not in a way that causes loss of emails (if I do not do an initial get to all my accounts thunderbiird cannot copy message to sent mail and its lots).
How can I make feature request/suggestion to improve the handling of this error and the message for failed smtp?
thanks
I'm not sure what exactly you'd like to have improved in Thunderbird for this particular problem. In any case, you can raise a bug for this in Bugzilla. https://bugzilla.mozilla.org/