thunderbird's LDAP support requires SHA1
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
thunderbird (Ubuntu) | Expired | Undecided | Unassigned |
Bug Description
We recently tightened up the SSL ciphers offered by our corporate LDAP
server and it broke Thunderbird's LDAP integration. Specifically,
Thunderbird couldn't connect unless SHA1 ciphersuites were offered by
the LDAP server.
Didn't work:
prio ciphersuite protocols pfs
1 AES256-SHA256 TLSv1.2 None None
2 AES128-SHA256 TLSv1.2 None None
olcTLSCipherSuite: NORMAL:
Did work:
prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple npn pfs
1 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEn
2 AES256-SHA TLSv1,TLSv1.
3 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEn
4 AES128-SHA TLSv1,TLSv1.
olcTLSCipherSuite: NORMAL:
thunderbird is 1:45.5.1+build1-0ubuntu0.16.04.1 FWIW and slapd is 2.4.28-1.1ubuntu4.6 (from Ubuntu 12.04)