Public bug reported:
We recently tightened up the SSL ciphers offered by our corporate LDAP
server and it broke Thunderbird's LDAP integration. Specifically
Thunderbird couldn't connect unless SHA1 ciphersuites were offered by
the LDAP server.
Didn't work:
prio ciphersuite protocols pfs
1 AES256-SHA256 TLSv1.2 None None
2 AES128-SHA256 TLSv1.2 None None
olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:-SHA1
Did work:
prio ciphersuite protocols pubkey_size signature_algoritm
trusted ticket_hint ocsp_staple npn pfs
1 AES256-SHA256 TLSv1.2 2048
sha256WithRSAEncryption True None False None None None
2 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048
sha256WithRSAEncryption True None False None None None
3 AES128-SHA256 TLSv1.2 2048
sha256WithRSAEncryption True None False None None None
4 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048
sha256WithRSAEncryption True None False None None None
olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC
** Affects: thunderbird (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1658348
Title:
thunderbird's LDAP support requires SHA1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1658348/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
