Thunderbird 45 won't connect to IMAP server via SSL or STARTTLS
Hello, Ever since the TB-45.0 update, I'm unable to use encrypted email. Both SSL/TLS and STARTTLS encryptions result in the following message in the error console: Timestamp: 12.05.2016 8,57,52 Error: An error occurred during a connection to mail.myhost.com:993.
Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: <a id="errorCode" title="SSL_ERROR_NO_CYPHER_OVERLAP">SSL_ERROR_NO_CYPHER_OVERLAP</a> The server supports TLS v1.0, 1.1 and 1.2. A list of supported ciphers is attached to the end of this help request. I tried adding my mail server as a tls fallback host without effect. Currently the only way to use my email is without encryption, or by downgrading to 31.1 (which was the previous version I had installed on my PC), but the update is constantly nagging and annoying.
Thanks for your help!
Supported ciphers:
Testing ECDHE-RSA-AES256-GCM-SHA384...YES Testing ECDHE-RSA-AES256-SHA384...YES Testing ECDHE-RSA-AES256-SHA...YES Testing DHE-RSA-AES256-GCM-SHA384...YES Testing DHE-RSA-AES256-SHA256...YES Testing DHE-RSA-AES256-SHA...YES Testing DHE-RSA-CAMELLIA256-SHA...YES Testing AES256-GCM-SHA384...YES Testing AES256-SHA256...YES Testing AES256-SHA...YES Testing CAMELLIA256-SHA...YES Testing ECDHE-RSA-AES128-GCM-SHA256...YES Testing ECDHE-RSA-AES128-SHA256...YES Testing ECDHE-RSA-AES128-SHA...YES Testing DHE-RSA-AES128-GCM-SHA256...YES Testing DHE-RSA-AES128-SHA256...YES Testing DHE-RSA-AES128-SHA...YES Testing DHE-RSA-CAMELLIA128-SHA...YES Testing AES128-GCM-SHA256...YES Testing AES128-SHA256...YES Testing AES128-SHA...YES Testing CAMELLIA128-SHA...YES Testing DES-CBC3-SHA...YES
Modified by Iskren
Chosen solution
Hi christ1, thanks for your input.
The article you sent was very helpful, I used wireshark and got 11 cipher suites from Thunderbird. Afterwards, I added them to the preferred ciphers in the server config and it works again! Thank you! I'll leave the list of ciphers here for future reference.
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA
Read this answer in context 👍 0All Replies (2)
An error occurred during a connection to mail.myhost.com
I suppose you did obfuscate the domain, or the server isn't reachable via Internet. So there's nothing anyone can check about it.
I tried adding my mail server as a tls fallback host without effect.
I have no idea what that means.
See if this helps. https://support.mozilla.org/en-US/questions/1116781#answer-872794
Chosen Solution
Hi christ1, thanks for your input.
The article you sent was very helpful, I used wireshark and got 11 cipher suites from Thunderbird. Afterwards, I added them to the preferred ciphers in the server config and it works again! Thank you! I'll leave the list of ciphers here for future reference.
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA