[Desktop-packages] [Bug 1658348] [NEW] thunderbird's LDAP support requires SHA1

[James Troup]

Public bug reported:

We recently tightened up the SSL ciphers offered by our corporate LDAP
server and it broke Thunderbird's LDAP integration.  Specifically
Thunderbird couldn't connect unless SHA1 ciphersuites were offered by
the LDAP server.

Didn't work:

prio  ciphersuite    protocols  pfs
1     AES256-SHA256  TLSv1.2    None  None
2     AES128-SHA256  TLSv1.2    None  None

olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:-SHA1

Did work:

prio  ciphersuite    protocols              pubkey_size  signature_algoritm     
  trusted  ticket_hint  ocsp_staple  npn   pfs
1     AES256-SHA256  TLSv1.2                2048         
sha256WithRSAEncryption  True     None         False        None  None  None
2     AES256-SHA     TLSv1,TLSv1.1,TLSv1.2  2048         
sha256WithRSAEncryption  True     None         False        None  None  None
3     AES128-SHA256  TLSv1.2                2048         
sha256WithRSAEncryption  True     None         False        None  None  None
4     AES128-SHA     TLSv1,TLSv1.1,TLSv1.2  2048         
sha256WithRSAEncryption  True     None         False        None  None  None

olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC

** Affects: thunderbird (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1658348

Title:
  thunderbird's LDAP support requires SHA1

Status in thunderbird package in Ubuntu:
  New

Bug description:
  We recently tightened up the SSL ciphers offered by our corporate LDAP
  server and it broke Thunderbird's LDAP integration.  Specifically
  Thunderbird couldn't connect unless SHA1 ciphersuites were offered by
  the LDAP server.

  Didn't work:

  prio  ciphersuite    protocols  pfs
  1     AES256-SHA256  TLSv1.2    None  None
  2     AES128-SHA256  TLSv1.2    None  None

  olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
  CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:-SHA1

  Did work:

  prio  ciphersuite    protocols              pubkey_size  signature_algoritm   
    trusted  ticket_hint  ocsp_staple  npn   pfs
  1     AES256-SHA256  TLSv1.2                2048         
sha256WithRSAEncryption  True     None         False        None  None  None
  2     AES256-SHA     TLSv1,TLSv1.1,TLSv1.2  2048         
sha256WithRSAEncryption  True     None         False        None  None  None
  3     AES128-SHA256  TLSv1.2                2048         
sha256WithRSAEncryption  True     None         False        None  None  None
  4     AES128-SHA     TLSv1,TLSv1.1,TLSv1.2  2048         
sha256WithRSAEncryption  True     None         False        None  None  None

  olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
  CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1658348/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp