Showing questions for topic:

Force TLS Version Not Working

Hi

I have a problem with Thunderbird which might be a bit niche but here goes...

The first attempt at sending an email fails as TLS Record Layer v1 is used, the mail server sees this and hard resets the connection so sending halts. See attached Wireshark trace screenshot "Failed".

If I retry the send again Thunderbird uses TLS Record Layer v1.3 and the email goes out ok. See attached Wireshark trace screenshot "Success".

If I send another message immediately no problem but if I wait 20-30 minutes the above cycle happens again.

I have set the minimum TLS version in the config to 1.3 (option 4) and restarted Thunderbird but this has not changed anything.

Any ideas how I can fix this? It's a pain because automated replies don't work.

Solved 6

How can I inspect an HTTPS cert with Firefox 151.0.1 (64-bit)

I'm used to checking certs with a right click on the icon beside the address. I also need this for my own servers in my local LAN. I know there is Let's Encrypt. But sometimes it's easier to just have a self-signed cert and verify it myself. Also I want to see who signed a cert from www.snakeoil.com/insert_your_credetials.

Please help.

rundekugel

Solved 2 47

Firefox intermittently failing Cloudflare PQC X25519MLKEM768 test

Hello,

I have been testing all browsers I use (Firefox, Chrome, Edge) on Cloudflare Post-Quantum Key Agreement to verify PQC support. They all support the X25519MLKEM768 hybrid scheme (i.e. Cloudflare web page returns "You are using X25519MLKEM768 which is post-quantum secure").

The issue: When I run the test in Firefox multiple times by doing repeated hard refreshes (Ctrl+Shift+R), quite often the result is "You are using X25519 which is not post-quantum secure". Sometimes the very first run after opening Firefox gives the X25519 (failing) result. "Often" varies. Sometimes it's around 10 fails out of 50 tests, other times it's 1 out of 50. It seems random.

I have read that sometimes networking equipment or even ISPs can be the cause of PQC requests falling back to non-PQC due to the long keys in PQC, but I do not see this intermittent issue with Chrome or Edge on the same computer/network/ISP as Firefox. I have not seen a single failure so far on those two browsers. The only variable I am aware of is the web browser.

I also tried connecting to a cellular hotspot as well as disabling my Norton 360 firewall and the results are the same as above.

Looking for help to resolve this issue. Thanks.

Solved 6 45

SSL_ERROR_RX_RECORD_TOO_LONG

For the past few days almost every site I try to visit gets the error:

Secure Connection Failed An error occurred during a connection to.... SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG

This has happened on and off in the past for one or two sites but usually fixes itself within a day or less, but this time it's been days. I tried everything I've seen online:

- Try without add-ons
- I am using 'system settings' proxy
- Followed an 8-yr-old suggestion of switching security.tls.version.max from 4 to 3
- My AV doesn't have HTTPS scanning that I can disable
- It doesn't allow me to toggle the 'enhanced tracking is on' in the address bar
- I've tried adding a site as an exception to DNS over HTTPS and turning Enable DNS over HTTPS off

Nothing has helped. These are all sites I've used in the past. I am using Nightly v150 at the moment but obviously same situation with FF or R3dfox.

If anyone can suggest how to bypass this so I don't have to use Edge/Chrome/Supermium (which all display these sites without issue) I'd appreciate it so much!

(*I'm looking for help with THIS issue on a W7 laptop, not about whether I should upgrade the OS.)

Thanks.

Solved 6 1 63

New Security Codes for vodafonemail.de, TLS Code not in Thunderbird available

Incoming mail server, IMAP (recommended): imap.vodafonemail.de. Ports for incoming mail, IMAP: SSL: 993 / TLS: 143

Outgoing mail server, SMTP: smtp.vodafonemail.de. Ports for outgoing mail: SSL: 465 / TLS: 25 or 587

Solved 5 73

I can't click the green lock icon in the URL bar of the web browser that launches within Thunderbird.

When adding a new email account, the built-in web browser launches and displays the OAuth screen. To verify the security of the destination site, I want to click the green lock icon in the URL bar to check the details, but I can’t click it.

Does a green lock icon mean a secure connection has been established?

Solved 6 63

certificate problems

Why do I suddenly (from one day to another) receive the message: "Das Zertifikat für imap.gmail.com stammt nicht von einer vertrauenswürdigen Quelle."

when trying to download messages from Gmail?

I have not changed anything at all.

Solved 4 27

Smartcards & broken GPG support

Hello,

I am writing this message in regards to Thunderbird's GPG support after v68, in the last hope that someone suggests a solution that moves me away from version 68. I consider the current state broken.

My PGP keys reside on a Yubikey, but smartcard usage has been broken after v68, as none of the supposedly correct setups work. It should work pretty much out of the box, but it doesn't. The whole idea of moving away from Enigmail without having a properly, fully implemented support, including for smartcards, or at least for working with GPG, was utterly misguided, IMO, and broke the once nice client.

I enabled gpg usage and fetching in Settings, I imported my pubkeys to Thunderbird's PGP manager, then added my external key (with GPG). Everything looks fine. But when I click an encrypted message, I get "The secret key that is required to decrypt this message is not available". Nah, it's available and it's there! The pinentry isn't appearing at all and this is the result. I believe this is TB's fault, as the pinentry correctly appears with everything else I do, also with TB 68 + Enigmail. The setup is the same. I am using the latest Gpg4win.

Settings:

mail.openpgp.allow_external_gnupg - true
mail.openpgp.fetch_pubkeys_from_gnupg - true
mail.openpgp.alternative_gpg_path - has no effect whether set or not

gpg-agent.conf:

enable-win32-openssh-support
default-cache-ttl-ssh 900
max-cache-ttl-ssh 1800
no-allow-external-cache
default-cache-ttl 300
max-cache-ttl 3000
ignore-cache-for-signing
allow-loopback-pinentry

gpg.conf:

utf8-strings
auto-key-locate local
use-agent

FYI, adding "pinentry-program" has no effect on solving the problem, whether set or not.

Your suggestions are welcome!

Solved 1 101

importing pgp keys from Thunderbird on Linux to Thunderbird on Windows 11 produces error

On my Linux machine, I exported the public key for an email address in Thunderbird 140.8.0esr (64-bit) into a file. I transferred the file to my Windows 11 machine via Warpinator.

On the Windows machine I am running Thunderbird 148.0.1 (64-bit). In Account settings>End-to-End encryption, I click Add Key>Import an existing OpenPGP key>Select File to import, and then I select the file.

I get an error message: Error! Failed to import file.

I'm surprised. I would think that going from one installation of Thunderbird to another would work this way. I am concerned that I won't be able to read incoming encrypted emails without the key working.

Can someone help me?

Solved 7 172

problem with certificate

I receive a lot of Thunderbird messages with this text (in French) :

"Le certificat pour imap.gmail.com ne provient pas d’une source sûre."

What do I have to do, please? Thanks

Solved 1 117

My Thunderbird Android app gives me the error "unable to parse tls packet header" when trying to manually configure my email

I installed Thunderbird on my new Samsung A26. I tried to configure the IMAP connection for my email - provider is liwest.at - per their settings. The incoming mail check worked, but the outgoing mail check gives back the error "unable to parse tls packet header". I checked username and password multiple times and tried all versions of password authentication possibilities.

I googled the error but the only thing I could find was a possible mismatch in TLS versions. I asked my provider about it - their customer service could not confirm with their technicians what version is in use, but according to their documentation it should be TLS 1.2.

Solved 2 110

The certificate for imap.googlemail.com does not come from trusted source

Running Thunderbird 140.8.0esr 64bit Windows 11 Home, v25H2 932GB storage 32GB ram i7-13700k

Recently, I've started getting the following message every time I launch Thunderbird: "The certificate for imap.googlemail.com does not come from a trusted source."

Digging into details I get: "you are about to override how Thunderbird identifies this site" "Location: imap.googlemail.com:993" "This site attempts to identify itself with invalid information" "Unknown Identity. The certificate is not trusted because it hasn't been verified as issued by a trusted authority using a secure signature."


Digging deeper into the certificate I find the issuer is Bitdefender who I use for antivirus and VPN. However, the VPN shows no effect when enabled or disabled. The validity period is 2 Feb 2026 to 27 Apr 2026

I can get email, but can't send it. Is Bitdefender at fault?

I'm stumped. What should I do???

Solved 1 220

How to export PGP keys from thunderbird?

Thunderbird 140.7.0esr allows me to e-mail my OpenPGP public key to myself, but it doesn't seem to have any way for me to get access to my private key. I was wondering how to export keys? Thanks!

Solved 2 110

SMTP server connection fails

I am using an E-mail server that uses LetsEncrypt certificates. I was using Thunderbird 128 ESR without problems. When the certificate was updated, I was requested to confirm - then sending E-mails was possible. Now I have updated to Thunderbird 140 ESR. The E-mail server's LetsEncrypt certificate was now updated, but in Thunderbird I do not get any information about this, nor am I requested to check the new certificate. The SMTP connection just fails. The IMAP access to the E-mail server works fine. (IMAP and SMTP both work fine with K9-Mail on my mobile device.)

How can I get Thunderbird to ask me again to check the updated certificate?

Solved Archived 11 425

Thunderbird says certificate expired, letsencrypt certbot says it's good, different dates shown

I'm using Thunderbird 140.5.0esr. I have a remote email server on a small "linode" and recently had to restore it from a backup.

When opening Thunderbird, I get the message "The certificate for adonax.com expired on 10/29/2025." I've been getting emails up to and including yesterday.

I ran the renewal program (sudo certbot renew) from the command line of my remote server, and was told the certificate did not need renewing. The "expiry date" is shown to be 2026, March 20 when having certbot display the certificate information.

So, there is some sort of disconnect happening in the communications between Thunderbird and the locations of the certificates on my server. I'm hoping for some advice as to how to trace the path. One possibility is that there is a location on my server that is used to connect to the certs and this is holding stale information due to the recent restore done for the remote server. Another is that maybe there is cached information or something else blocking the request from Thunderbird.

From Thunderbird, I am presented with a form "Add Security Exception". This indicates that Thunderbird is contacting the location adonax.com:993. I checked the port from the server using UFW and it is open to all. The Thunderbird form however hangs when I hit the "Get Certificate" button, and clicking the "Confirm Security Exception" appears to do nothing. The button "View..." opens a tab with the expired certificate. All the information on the certificate that is displayed by Thunderbird looks good, matches what I have in terms of URLs, but the dates are wrong.

Is there perhaps something blocking Thunderbird from using port 993? Is there a way to test that? If 993 is working, I will try to research what is going on there at the Ubuntu end. I tried putting adonax.com:993 in Chrome and got an ERR_UNSAFE_PORT, for what that is worth.

Solved Archived 2 176

No emails downloaded and I get a message web email is fine.

I have 4 emails in Thunderbird, one of those I also have on my phone, it is receiving mail. On my desktop, two of the emails have no email today, and two I have only one email; all should have 10 to 20 or more emails. I do have the emails on the website, but they are not loading onto Thunderbird. I get this message: "The certificate for imap.knology.net is not valid for the server. Someone could be trying to impersonate the server and you should not continue."

 Can you offer any help?
Solved Archived 3 54