New thunderbird 38.1.0 do ssl_error_weak_server_cert_key
New thunderbird 38.1.0 go in ssl_error_weak_server_cert_key when try to connect to a imap server that use a self made ssl certificate and do not see in the local certificate to see if the certificate is signed as Trust.
In the net i see this : https://fossies.org/diffs/thunderbird/38.0.1.source_vs_38.1.0.source/mozilla/security/nss/lib/ssl/sslerr.h-diff.html
Please help me.
Ettore
被選擇的解決方法
Mozilla product no longer accept 512 bit keys. Generate a certific ate with 2048bit.
See http://thunderbirdtweaks.blogspot.com.au/2015/07/logjam-and-thunderbird.html
從原來的回覆中察看解決方案 👍 0所有回覆 (4)
Is this a 1024-bit SSL certificate issued after December 31, 2013? Those certificates are no longer trusted. See https://developer.mozilla.org/en-US/Firefox/Releases/38/Site_Compatibility#Security
This is our certificate:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
91:5a:69:68:ad:82:e2:2b
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=IT, ST=MILAN, L=BUSSERO, O=H.T. Stone S.r.l., OU=SedeCentraleHTStone, CN=H.T.Stone Certificato di 30 anni (2044)/emailAddress=amministrazione@htstone.it
Validity
Not Before: May 26 12:43:15 2014 GMT
Not After : Jul 7 12:43:15 2044 GMT
Subject: C=IT, ST=MILAN, L=BUSSERO, O=H.T. Stone S.r.l., OU=SedeCentraleHTStone, CN=H.T.Stone Certificato di 30 anni (2044)/emailAddress=amministrazione@htstone.it
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (512 bit)
Modulus:
00:a3:7e:ae:43:62:6b:63:8e:54:ba:a6:5c:d8:bc:
69:41:53:23:f0:a7:a4:57:f1:e3:34:d7:00:2d:ec:
fa:75:e6:8d:e0:97:a7:d0:28:87:e8:2e:07:ae:cd:
2b:45:25:84:ff:79:bc:19:a0:2b:78:8e:6a:3a:cf:
eb:75:c2:b1:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:17:13:2E:02:7F:E5:71:CB:E2:B8:51:0E:C9:16:E4:50:39:C6:8F
X509v3 Authority Key Identifier:
keyid:12:17:13:2E:02:7F:E5:71:CB:E2:B8:51:0E:C9:16:E4:50:39:C6:8F
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha1WithRSAEncryption
81:88:3a:fc:9d:21:e4:e5:30:fe:4d:71:a6:16:74:49:3c:9e:
25:17:a5:9e:35:d2:19:7c:bb:98:1c:f1:4b:69:c1:ab:3c:82:
04:bc:c3:67:ef:fa:af:ee:e0:37:1e:86:5f:59:46:4e:b9:25:
ea:7b:26:b9:cc:9b:7a:c0:c2:ca
BEGIN CERTIFICATE-----
MIIC1zCCAoGgAwIBAgIJAJFaaWitguIrMA0GCSqGSIb3DQEBBQUAMIHGMQswCQYD VQQGEwJJVDEOMAwGA1UECAwFTUlMQU4xEDAOBgNVBAcMB0JVU1NFUk8xGjAYBgNV BAoMEUguVC4gU3RvbmUgUy5yLmwuMRwwGgYDVQQLDBNTZWRlQ2VudHJhbGVIVFN0 b25lMTAwLgYDVQQDDCdILlQuU3RvbmUgQ2VydGlmaWNhdG8gZGkgMzAgYW5uaSAo MjA0NCkxKTAnBgkqhkiG9w0BCQEWGmFtbWluaXN0cmF6aW9uZUBodHN0b25lLml0 MB4XDTE0MDUyNjEyNDMxNVoXDTQ0MDcwNzEyNDMxNVowgcYxCzAJBgNVBAYTAklU MQ4wDAYDVQQIDAVNSUxBTjEQMA4GA1UEBwwHQlVTU0VSTzEaMBgGA1UECgwRSC5U LiBTdG9uZSBTLnIubC4xHDAaBgNVBAsME1NlZGVDZW50cmFsZUhUU3RvbmUxMDAu BgNVBAMMJ0guVC5TdG9uZSBDZXJ0aWZpY2F0byBkaSAzMCBhbm5pICgyMDQ0KTEp MCcGCSqGSIb3DQEJARYaYW1taW5pc3RyYXppb25lQGh0c3RvbmUuaXQwXDANBgkq hkiG9w0BAQEFAANLADBIAkEAo36uQ2JrY45UuqZc2LxpQVMj8KekV/HjNNcALez6 deaN4Jen0CiH6C4Hrs0rRSWE/3m8GaAreI5qOs/rdcKxFQIDAQABo1AwTjAdBgNV HQ4EFgQUEhcTLgJ/5XHL4rhRDskW5FA5xo8wHwYDVR0jBBgwFoAUEhcTLgJ/5XHL 4rhRDskW5FA5xo8wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAANBAIGIOvyd IeTlMP5NcaYWdEk8niUXpZ410hl8u5gc8Utpwas8ggS8w2fv+q/u4Dcehl9ZRk65 Jep7JrnMm3rAwso=
END CERTIFICATE-----
選擇的解決方法
Mozilla product no longer accept 512 bit keys. Generate a certific ate with 2048bit.
See http://thunderbirdtweaks.blogspot.com.au/2015/07/logjam-and-thunderbird.html
I created a new self-made Certificate with a key of 2048 bit, and i put it in my hMailServer IMAP protocol configuration. It works. Problem solved. Thanks
Ettore