New thunderbird 38.1.0 do ssl_error_weak_server_cert_key
New thunderbird 38.1.0 go in ssl_error_weak_server_cert_key when try to connect to a imap server that use a self made ssl certificate and do not see in the local certificate to see if the certificate is signed as Trust.
In the net i see this : https://fossies.org/diffs/thunderbird/38.0.1.source_vs_38.1.0.source/mozilla/security/nss/lib/ssl/sslerr.h-diff.html
Please help me.
Ettore
தீர்வு தேர்ந்தெடுக்கப்பட்டது
Mozilla product no longer accept 512 bit keys. Generate a certific ate with 2048bit.
See http://thunderbirdtweaks.blogspot.com.au/2015/07/logjam-and-thunderbird.html
Read this answer in context 👍 0All Replies (4)
Is this a 1024-bit SSL certificate issued after December 31, 2013? Those certificates are no longer trusted. See https://developer.mozilla.org/en-US/Firefox/Releases/38/Site_Compatibility#Security
This is our certificate:
Certificate:
Data: Version: 3 (0x2) Serial Number: 91:5a:69:68:ad:82:e2:2b Signature Algorithm: sha1WithRSAEncryption Issuer: C=IT, ST=MILAN, L=BUSSERO, O=H.T. Stone S.r.l., OU=SedeCentraleHTStone, CN=H.T.Stone Certificato di 30 anni (2044)/emailAddress=amministrazione@htstone.it Validity Not Before: May 26 12:43:15 2014 GMT Not After : Jul 7 12:43:15 2044 GMT Subject: C=IT, ST=MILAN, L=BUSSERO, O=H.T. Stone S.r.l., OU=SedeCentraleHTStone, CN=H.T.Stone Certificato di 30 anni (2044)/emailAddress=amministrazione@htstone.it Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (512 bit) Modulus: 00:a3:7e:ae:43:62:6b:63:8e:54:ba:a6:5c:d8:bc: 69:41:53:23:f0:a7:a4:57:f1:e3:34:d7:00:2d:ec: fa:75:e6:8d:e0:97:a7:d0:28:87:e8:2e:07:ae:cd: 2b:45:25:84:ff:79:bc:19:a0:2b:78:8e:6a:3a:cf: eb:75:c2:b1:15 Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Subject Key Identifier: 12:17:13:2E:02:7F:E5:71:CB:E2:B8:51:0E:C9:16:E4:50:39:C6:8F X509v3 Authority Key Identifier: keyid:12:17:13:2E:02:7F:E5:71:CB:E2:B8:51:0E:C9:16:E4:50:39:C6:8F
X509v3 Basic Constraints: CA:TRUE Signature Algorithm: sha1WithRSAEncryption 81:88:3a:fc:9d:21:e4:e5:30:fe:4d:71:a6:16:74:49:3c:9e: 25:17:a5:9e:35:d2:19:7c:bb:98:1c:f1:4b:69:c1:ab:3c:82: 04:bc:c3:67:ef:fa:af:ee:e0:37:1e:86:5f:59:46:4e:b9:25: ea:7b:26:b9:cc:9b:7a:c0:c2:ca
BEGIN CERTIFICATE-----
MIIC1zCCAoGgAwIBAgIJAJFaaWitguIrMA0GCSqGSIb3DQEBBQUAMIHGMQswCQYD VQQGEwJJVDEOMAwGA1UECAwFTUlMQU4xEDAOBgNVBAcMB0JVU1NFUk8xGjAYBgNV BAoMEUguVC4gU3RvbmUgUy5yLmwuMRwwGgYDVQQLDBNTZWRlQ2VudHJhbGVIVFN0 b25lMTAwLgYDVQQDDCdILlQuU3RvbmUgQ2VydGlmaWNhdG8gZGkgMzAgYW5uaSAo MjA0NCkxKTAnBgkqhkiG9w0BCQEWGmFtbWluaXN0cmF6aW9uZUBodHN0b25lLml0 MB4XDTE0MDUyNjEyNDMxNVoXDTQ0MDcwNzEyNDMxNVowgcYxCzAJBgNVBAYTAklU MQ4wDAYDVQQIDAVNSUxBTjEQMA4GA1UEBwwHQlVTU0VSTzEaMBgGA1UECgwRSC5U LiBTdG9uZSBTLnIubC4xHDAaBgNVBAsME1NlZGVDZW50cmFsZUhUU3RvbmUxMDAu BgNVBAMMJ0guVC5TdG9uZSBDZXJ0aWZpY2F0byBkaSAzMCBhbm5pICgyMDQ0KTEp MCcGCSqGSIb3DQEJARYaYW1taW5pc3RyYXppb25lQGh0c3RvbmUuaXQwXDANBgkq hkiG9w0BAQEFAANLADBIAkEAo36uQ2JrY45UuqZc2LxpQVMj8KekV/HjNNcALez6 deaN4Jen0CiH6C4Hrs0rRSWE/3m8GaAreI5qOs/rdcKxFQIDAQABo1AwTjAdBgNV HQ4EFgQUEhcTLgJ/5XHL4rhRDskW5FA5xo8wHwYDVR0jBBgwFoAUEhcTLgJ/5XHL 4rhRDskW5FA5xo8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAIGIOvyd IeTlMP5NcaYWdEk8niUXpZ410hl8u5gc8Utpwas8ggS8w2fv+q/u4Dcehl9ZRk65 Jep7JrnMm3rAwso=
END CERTIFICATE-----
தீர்வு தேர்ந்தெடுக்கப்பட்டது
Mozilla product no longer accept 512 bit keys. Generate a certific ate with 2048bit.
See http://thunderbirdtweaks.blogspot.com.au/2015/07/logjam-and-thunderbird.html
I created a new self-made Certificate with a key of 2048 bit, and i put it in my hMailServer IMAP protocol configuration. It works. Problem solved. Thanks
Ettore