importance for Xenial and Bionic marked as high as this prevents
Thunderbird from being used in FIPS mode on those releases.
** Changed in: thunderbird (Ubuntu Groovy)
Assignee: (unassigned) => Dariusz Gadomski (dgadomski)
** Changed in: thunderbird (Ubuntu Focal)
Assignee: (unassigned) => Dariusz Gadomski (dgadomski)
** Changed in: thunderbird (Ubuntu Eoan)
Assignee: (unassigned) => Dariusz Gadomski (dgadomski)
** Changed in: thunderbird (Ubuntu Bionic)
Assignee: (unassigned) => Dariusz Gadomski (dgadomski)
** Changed in: thunderbird (Ubuntu Xenial)
Assignee: (unassigned) => Dariusz Gadomski (dgadomski)
** Changed in: thunderbird (Ubuntu Xenial)
Importance: Undecided => Medium
** Changed in: thunderbird (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: thunderbird (Ubuntu Eoan)
Importance: Undecided => Medium
** Changed in: thunderbird (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: thunderbird (Ubuntu Groovy)
Importance: Undecided => Medium
** Changed in: thunderbird (Ubuntu Xenial)
Importance: Medium => High
** Changed in: thunderbird (Ubuntu Bionic)
Importance: Medium => High
** Tags added: sts
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1878155
Title:
Thunderbird fails to connect to server in FIPS mode
Status in thunderbird package in Ubuntu:
New
Status in thunderbird source package in Xenial:
New
Status in thunderbird source package in Bionic:
New
Status in thunderbird source package in Eoan:
New
Status in thunderbird source package in Focal:
New
Status in thunderbird source package in Groovy:
New
Bug description:
[Impact]
* Thunderbird may become useless after booting into FIPS mode - it
refuses to connect to server displaying the following message:
Unexpected response from the server
This document cannot be displayed unless you install the Personal
Security Manager (PSM). Download and install PSM and try again, or
contact your system administrator.
This seems to be a result of the fact that despite Thunderbird for
Ubuntu being with FIPS support disabled there's a piece of code that
ignores the build flag and checks for `/proc/sys/crypto/fips_enabled`
status anyway.
Looks like upstream fix [1] needs to be applied to Thunderbird source
under security/nss.
[Test Case]
* Configure an email account in Thunderbird. I was able to reproduce it with
a gmail account.
* Install FIPS modules as described in [2].
* Boot into FIPS mode.
* Open Thunderbird.
[Regression Potential]
* I can't identify regression potential - this is clearly a bug fixed
upstream by a simple fix.
[Other Info]
* Related Firefox bug: https://bugs.launchpad.net/bugs/1843044
* I was able to backport this fix and test it - the problem was gone. Xenial
build is available in ppa:dgadomski/thunderbird.
[1]
https://hg.mozilla.org/projects/nss/raw-rev/55ba54adfcaea2f984a999a511eec5047462eb57
[2] https://docs.ubuntu.com/security-certs/en/fips
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1878155/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
