Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1548016

Summary: TB does not download emails from IMAP
Product: [Fedora] Fedora Reporter: Vít Ondruch <vondruch>
Component: thunderbirdAssignee: Gecko Maintainer <gecko-bugs-nobody>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: alexl, gecko-bugs-nobody, john.j5live, kengert, pjasicek, rhughes, rstrode, sandmann
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-02-26 15:34:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vít Ondruch 2018-02-22 14:27:39 UTC
Description of problem:
TB refuse to download emails from IMAP server. Not really sure what happened. This is the log I get (with newly created profile, just to be sure):

~~~
$ NSPR_LOG_MODULES=imap:5,timestamp thunderbird
[calBackendLoader] Using Thunderbird's builtin libical backend
2018-02-22 14:19:40.563905 UTC - 751814400[7f3621d13460]: ImapThreadMainLoop entering [this=21daa000]
2018-02-22 14:19:40.563959 UTC - 1613412160[7f365ed63140]: 21daa000:mail.xxx.com:NA:SetupWithUrl: clearing IMAP_CONNECTION_IS_OPEN
2018-02-22 14:19:40.566009 UTC - 751814400[7f3621d13460]: 21daa000:mail.xxx.com:NA:ProcessCurrentURL: entering
2018-02-22 14:19:40.566109 UTC - 751814400[7f3621d13460]: 21daa000:mail.xxx.com:NA:ProcessCurrentURL:imap://vondruch.com:993/select%3E%5EINBOX:  = currentUrl
2018-02-22 14:19:41.072738 UTC - 751814400[7f3621d13460]: ReadNextLine [stream=21c16180 nb=0 needmore=1]
2018-02-22 14:19:41.072793 UTC - 751814400[7f3621d13460]: 21daa000:mail.xxx.com:NA:CreateNewLineFromSocket: clearing IMAP_CONNECTION_IS_OPEN - rv = 805a2f8d
2018-02-22 14:19:41.073045 UTC - 751814400[7f3621d13460]: 21daa000:mail.xxx.com:NA:TellThreadToDie: close socket connection
2018-02-22 14:19:41.073079 UTC - 751814400[7f3621d13460]: 21daa000:mail.xxx.com:NA:CreateNewLineFromSocket: (null)
2018-02-22 14:19:41.079292 UTC - 751814400[7f3621d13460]: 21daa000:mail.xxx.com:NA:ProcessCurrentURL: aborting queued urls
2018-02-22 14:19:41.089575 UTC - 751814400[7f3621d13460]: ImapThreadMainLoop leaving [this=21daa000]
~~~


Version-Release number of selected component (if applicable):
$ rpm -q thunderbird
thunderbird-52.6.0-2.fc28.x86_64



How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
TB does not download emails nor list of folders, anything.


Expected results:
TB download mails just fine.


Additional info:
Yesterday, it used to work just fine. I updated the computer and still, I would say it worked just fine, but today, it does not work. Not sure if it might be server side issue or how to debug it.

Comment 1 Vít Ondruch 2018-02-23 09:54:59 UTC
Of, finally I discovered that in JS console, there is reported following error:

~~~
An error occurred during a connection to mail.xxx.com:993.

SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.

Error code: <a id="errorCode" title="SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY">SSL_ERROR_WEAK_SERVER_EPHEMERAL_DH_KEY</a> 
~~~

I was suggested by Jan Hořák to try [1], so I disabled all the "dhe" options and it seems that my TB can connect to the server once again. Not sure if the security is better or worse now though.


[1] https://support.mozilla.org/cs/questions/1065417

Comment 2 Vít Ondruch 2018-02-26 15:34:41 UTC
This seems to be caused by crypto-policies change:

https://fedoraproject.org/wiki/Changes/StrongCryptoSettings

I opened different ticket there.

*** This bug has been marked as a duplicate of bug 1549096 ***