The specific THUNDERBIRD version I refer to is Version 38.1.0, first offered to Release channel users on July 9, 2015.

It automatically installed on one machine, and when I had problems there, I tried to disable automatic updates on another working version, but that one still updated, and now has the same broken behavior with the POP server: "Unknown command"

I am guessing that the admin is referring to their failure to patch the server for the LogJam vulnerability if the problem is truly SSL/TLS.

If they have not done the necessary updates I suggest you get an administrator that cares about security as the logjam vulnerability is a common threat and is not just Thunderbird. Failure to patch a server for it is tantamount to opening the front door for thieves..

If you do not have the messages in your error console I reference in the link. Please post back so we can work out exactly what the issue is. At this point I am guessing based on your comments.

Thanks for looking at this. Problem remains unsolved: I checked the error console for the error cited in the link you gave. I do not find any errors of that type, when searching for SSL or "weak" etc.

In fact I find no errors naming the POP server that is failing to respond to login, and responding "Unknown command".... The server in question works fine with Outlook 2010 on the same machine, and worked fine with v31 of TB. They say they have updated their software to include an updated Cert for SSL/TLS.

There are some errors with some servers that are working with this client, such as this: Timestamp: 7/25/2015 1:46:02 PM Error: mobile.charter.net : server does not support RFC 5746, see CVE-2009-3555 and one Uncaught exception: Timestamp: 7/25/2015 1:50:45 PM Error: uncaught exception: 2147746065

Any insight would be appreciated.

The server that is not allowing login is parsecdata.com by the way.

I'm having this problem too since about 10pm last night, although the last update was further back than that. It just stopped collecting emails. Just says no new messages. I can SEND messages but not get any. I've already posted a question through another part of the support site (https://support.mozilla.org/en-US/search/advanced?a=1&asked_by=kctooshort&w=2) and included the variety of error messages in the log. I've disabled add-ons, tried some other things I found here, but it's still not working. I can access my Verizon emails on their webpage.

Now I have to go look up the topics mentioning problems moving back to an older version of TB.

Ok, these issues are best describes as emerging. and as we are seeing an exchange server at parsecdata then I would expect an issue. Given the Microsoft penchant for low security standards and universal comparability.

I think perhaps we should be logging the connection to see exactly what is happening. There also appear to be some very low level changes in Geko on which Thunderbird is built that are basically not documented as having occurred. Only a log will tell us what it is.

See https://wiki.mozilla.org/MailNews:Logging#Windows not to change the IMAP on the text to pop after you copy it. If you do not want to post the log publicly, please email me. My email is in my profile on the site.

So please post the part of the troubleshooting information that contains the settings for connection to parsecdata. On the help menu you will find troubleshooting information.

Finally please do this after you create a log.

Use the Config Editor to change these four settings to false

 security.ssl3.dhe_rsa_aes_128_sha
 security.ssl3.dhe_rsa_aes_256_sha
 security.ssl3.dhe_dss_aes_128_sha
 security.ssl3.dhe_rsa_des_ede3_sha

Please change then back to true if it does not fix anything, and report your results.

Can you please go to Tools menu > options > advanced > Certificates and select view certificates

In the certificate manager, open the server tab and locate the parsecdata server entry. What are the type of fingerprint listed? SHA1 SHA256 DES etc.

I have a sneaking suspicion that it will only include DES. But it is all just feelings. I lack data.

Hi Matt

1. Numbered list item

1. Parsec runs many servers, but I'm not on exchange server.

2. The logging batch file was run but produced no data (empty file). It was run with admin rights, before and after attempts to login. I tried pop as well as pop3. Empty file. Here is the batch: set NSPR_LOG_MODULES=pop3:5 set NSPR_LOG_FILE=%USERPROFILE%\Desktop\pop3.log "%ProgramFiles(x86)%\Mozilla Thunderbird\thunderbird.exe" pause 3. Below is the line from the troubleshooter:

(pop3) pop.parsecdata.com:995 SSL/TLS Encrypted password smtp.parsecdata.com:587 SSL/TLS Encrypted password true

4. on the config editor: security.ssl3.dhe_rsa_aes_128_sha

security.ssl3.dhe_rsa_aes_256_sha
security.ssl3.dhe_dss_aes_128_sha
security.ssl3.dhe_rsa_des_ede3_sha

Only the first two lines appear of the four you listed. Changing the 1st two to false produced no improvement. The only change was it took a little longer for the server to respond

I attach the listing of the found items in security.ssl3 and their status (true)

The only other odd thing since last post: This weekend TB38 did succeed in login at least once while running unattended. It downloaded mail through Sunday after noon. Then stopped working again.

Oops. Forgot about the certificates: I looked in the location you pointed to, but found NO certificate that is clearly labeled as relating to parsecdata. I'm not sure how to search through the text of these, but did look manually at the listings.

Any insight or help would be appreciated.

LZ

Here is what the server admin has to say on this subject so far:

Thunderbird is the only client that exhibits this behavior. It has to do with the way they decided to do auth.

Their suggestion is to revert to a client version that works. and turn off the auto update (for a while)....

Once the newer standards are commonly accepted ....there will be an update to ...hosting software but currently those standards are only supported by the biggest providers. We run into this sort of thing occasionally when a big provider decides to force a new standard by excluding all others. ... For example: We have had to stop using Chrome almost entirely here because ....

add the two missing entries.

Of course you could use V31, but I think the added two keys may well fix this. I am guessing some server support the enhanced protocol and some don't, hence the worked ok over the weekend.

Tried to add the two values. as Boolean, because the other two were. With true setting. There was no improvement. Still "Unknown command" Then I tried to "reset" one to remove. This changed it to string (from Boolean) instead of deleting it. (???)

Setting the string value to true, also did not fix the problem. How do I delete the values I added? See attached image.

It seems odd there is nothing in the editor to allow deletion of unwanted entries?

How does one go about reverting to V31? and bringing in all mail and settings etc.?

Thanks.

Set to default and it will be removed on shutdown. Thunderbird does not store default settings, only non-default ones. That is also why some entries are just not in the list at all.

I assume is is an EN-US version for Windows you want. http://ftp.mozilla.org/pub/mozilla.org/thunderbird/releases/31.8.0/win32/en-US/

Note you will need to remove the add-on lightning and reinstall as add-ons do not downgrade and lightning being a binary add-on will not work with the older version.