Re: Thunderbird with mail.corp.redhat.com does not work on Fedora 33

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



| I've upgraded to Fedora 33 beta and I've discovered a problem with
| Thunderbird. All email accounts work well except the Red Hat one with
| mail.corp.redhat.com as an IMAP server (I use Zimbra servers not Gmail).
| 
| The problem is that Thunderbird does not show any error message but it's not
| able to communicate with the IMAP server. I'm not able to receive any
| message from the server. I'm able to send a message but a copy is then not
| saved to sent folder for the same reason. My first thought was that the
| problem is caused by a downgrade from 68.11 to 68.10 because Thunderbird
| currently FTBFS in Fedora 33 but it does not seem to be so. I've also tried
| to remove the account and add it back but it did not help because I was no
| longer able to log in to my account without any particular error message.
| I've also tried to delete the server's certificates.
| 
| The problem seems to be caused by strict crypto policies in Fedora 33 and
| too small DH key provided by the server.
| 
| $ update-crypto-policies --show
| DEFAULT
| 
| $ openssl s_client -showcerts -connect mail.corp.redhat.com:993 -servername
| mail.corp.redhat.com
| CONNECTED(00000003)
| depth=3 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU =
| Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@xxxxxxxxxx
| verify return:1
| depth=2 O = Red Hat, OU = prod, CN = Intermediate Certificate Authority
| verify return:1
| depth=1 O = Red Hat, OU = prod, CN = Certificate Authority
| verify return:1
| depth=0 C = US, ST = North Carolina, L = Raleigh, O = Red Hat, OU =
| Information Technology, emailAddress = servicedesk@xxxxxxxxxx, CN =
| mail.corp.redhat.com
| verify return:1
| 139893557032768:error:141A318A:SSL routines:tls_process_ske_dhe:dh key too
| small:ssl/statem/statem_clnt.c:2149:
| ---
| 
| $ sudo update-crypto-policies --set LEGACY
| Setting system policy to LEGACY
| Note: System-wide crypto policies are applied on application start-up.
| It is recommended to restart the system for the change of policies
| to fully take place.
| 
| openssl s_client -showcerts -connect mail.corp.redhat.com:993 -servername
| mail.corp.redhat.com
| CONNECTED(00000003)
| depth=3 C = US, ST = North Carolina, L = Raleigh, O = "Red Hat, Inc.", OU =
| Red Hat IT, CN = Red Hat IT Root CA, emailAddress = infosec@xxxxxxxxxx
| verify return:1
| depth=2 O = Red Hat, OU = prod, CN = Intermediate Certificate Authority
| verify return:1
| depth=1 O = Red Hat, OU = prod, CN = Certificate Authority
| verify return:1
| depth=0 C = US, ST = North Carolina, L = Raleigh, O = Red Hat, OU =
| Information Technology, emailAddress = servicedesk@xxxxxxxxxx, CN =
| mail.corp.redhat.com
| verify return:1
| ---
| ... <certificates chain> ...
| ---
| * OK IMAP4 ready
| 
| As you can see above, the DH key provided by the server is too small so the
| SSL verification fails. Setting the crypto policies to LEGACY solves the
| issue for me and I am again able to recreate my Red Hat account in
| Thunderbird.
| 
| Hope this helps. I'm going to report this problem to service desk.

Same thing applies to mutt. I've filed this bz: 
       https://bugzilla.redhat.com/show_bug.cgi?id=1883976

Harish

Attachment: signature.asc
Description: PGP signature

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux