On 2023-12-31 14:44, Andrei Borzenkov wrote:
On 31.12.2023 12:22, David C. Rankin wrote:
On 12/30/23 07:22, Carlos E. R. wrote:
(and thank you for your write-up about the little-cloud icon -- that I had never seen before.... what do we call it? a "magic cloud obscure icon"?
The
https://bugzilla.mozilla.org/show_bug.cgi?id=1764770
is rather educational. It even describes how to configure TB to allow port 993 in certificate management dialogue (network.security.ports.banned.override with value 993).
I'll copy it here, it seems significant. https://bugzilla.mozilla.org/show_bug.cgi?id=1764770#c49 +++··························· This describes a work around for if you never see the exception dialog after clicking "Get Messages". One other thing I noticed is that there appears to be another way to override a bad certificate but it doesn't work. Specifically I'm referring to: Setting | Privacy & Security | Manage Certificates... | Servers | Add Exception... You should be able to enter your configured imap server name and port and click "Get Certificate" and override it. However, when I entered mine, like this: wally.dbnet.lan:993 it just says no info and I see no network activity in wireshark. I found that for this to work you have to add a new item in the TB Config Editor (Settings | General | Config Editor...). In the box at the top enter network.security.ports.banned.override, choose the "String" radio button and click +. Then enter the port number for imap TLS, 993 and click the blue "Save" button. Then probably restart TB. Now when you enter your configured server name and port, e.g., wally.dbnet.lan:993 and click "Get Certificate", TB will successfully download the certificate and allow you to set the exception (permanent or temporary). The only problem here is that this only works for security TLS (port 993) and not for STARTTLS (port 143). So you will need to switch your imap security from STARTTLS to SSL/TLS. (I think most servers that support STARTTLS also support TLS and is the preferred protocol.) If I include 143 in the comma separated list of network.security.ports.banned.override ports, e.g., 993,143 I see the connection made to the server port 143 but imap command STARTTLS is never sent to begin the TLS handshake so it fails. Re: https://stackoverflow.com/questions/63947262/thunderbird-78-how-to-add-secur... Also after writing this I see that this issue has been mention in some other bug reports. ···························++- Some comments say that you have to click the get messages button several times, it is random. Comment 52 says why the code is in that button. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)