mozilla-thunderbird: SMTP down negotiation weakness
Bug #24220 reported by
Debian Bug Importer
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mozilla Thunderbird |
Unknown
|
Unknown
|
|||
mozilla-thunderbird (Debian) |
Fix Released
|
Unknown
|
|||
mozilla-thunderbird (Ubuntu) |
Fix Released
|
High
|
Mozilla Bugs |
Bug Description
Automatically imported from Debian bug report #334621 http://
Changed in thunderbird: | |
status: | Unknown → Unconfirmed |
Changed in mozilla-thunderbird: | |
status: | Confirmed → Fix Released |
Changed in thunderbird: | |
status: | Unconfirmed → Confirmed |
Changed in mozilla-thunderbird: | |
status: | Unconfirmed → Confirmed |
Changed in thunderbird: | |
status: | Confirmed → In Progress |
Changed in mozilla-thunderbird: | |
status: | Unknown → Confirmed |
Changed in thunderbird: | |
status: | In Progress → Fix Released |
Changed in thunderbird: | |
status: | Fix Released → Confirmed |
Changed in thunderbird: | |
status: | Confirmed → Fix Released |
Changed in mozilla-thunderbird: | |
assignee: | adconrad → mozillateam |
Changed in mozilla-thunderbird: | |
assignee: | mozillateam → mozilla-bugs |
Changed in mozilla-thunderbird (Debian): | |
status: | Confirmed → Fix Released |
Changed in mozilla-thunderbird (Ubuntu): | |
status: | Confirmed → Fix Released |
Changed in mozilla-thunderbird (Debian): | |
status: | Fix Released → Confirmed |
Changed in thunderbird: | |
importance: | Unknown → Wishlist |
Changed in thunderbird: | |
importance: | Wishlist → Unknown |
status: | Fix Released → Unknown |
Changed in mozilla-thunderbird (Debian): | |
status: | Confirmed → Fix Released |
To post a comment you must log in.
That's right and it is by design. It's not the best solution but I did it (in
bug 203785) because servers where CRAM-MD5 authentication fails are widespread
and users would have to often switch the options.
For SMTP there is no switch "Use secure authentication" in the UI and in the
backend it's honestly named "trySecAuth". So TB/SM don't pretend to only use
secure mechanisms for SMTP in any situation.