Public bug reported: [Impact]
* Thunderbird may become useless after booting into FIPS mode - it refuses to connect to server displaying the following message: Unexpected response from the server This document cannot be displayed unless you install the Personal Security Manager (PSM). Download and install PSM and try again, or contact your system administrator. This seems to be a result of the fact that despite Thunderbird for Ubuntu being with FIPS support disabled there's a piece of code that ignores the build flag and checks for `/proc/sys/crypto/fips_enabled` status anyway. Looks like upstream fix [1] needs to be applied to Thunderbird source under security/nss. [Test Case] * Configure an email account in Thunderbird. I was able to reproduce it with a gmail account. * Install FIPS modules as described in [2]. * Boot into FIPS mode. * Open Thunderbird. [Regression Potential] * I can't identify regression potential - this is clearly a bug fixed upstream by a simple fix. [Other Info] * Related Firefox bug: https://bugs.launchpad.net/bugs/1843044 * I was able to backport this fix and test it - the problem was gone. Xenial build is available in ppa:dgadomski/thunderbird. [1] https://hg.mozilla.org/projects/nss/raw-rev/55ba54adfcaea2f984a999a511eec5047462eb57 [2] https://docs.ubuntu.com/security-certs/en/fips ** Affects: thunderbird (Ubuntu) Importance: Undecided Status: New ** Affects: thunderbird (Ubuntu Xenial) Importance: Undecided Status: New ** Affects: thunderbird (Ubuntu Bionic) Importance: Undecided Status: New ** Also affects: thunderbird (Ubuntu Xenial) Importance: Undecided Status: New ** Also affects: thunderbird (Ubuntu Bionic) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1878155 Title: Thunderbird fails to connect to server in FIPS mode To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1878155/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
