# No TLS v1.1 / v1.2 in Thunderbird



## Bogdan (Sep 24, 2015)

Is there any chance to use TLS v1.1 or TLS v1.2 with Mozilla Thunderbird? I've always adjusted these settings on the Linux version of the software, but I'm unable to do this with FreeBSD.

There are no 
	
	



```
security.tls.*
```
 settings in the config panel, so the best I get is:


```
version=TLSv1/SSLv3 cipher=OTHER
```

I also installed Evolution and it seems like it doesn't have TLS at all. This is not the case with Firefox, where the encryption is strong.

I installed Thunderbird with pkg, I'm not sure if installing from ports would make a difference?


----------



## protocelt (Sep 24, 2015)

The recent version of mail/thunderbird uses TLSv0, TLSv1, and TLSv2, but not SSLv3 by default. If I do a search in Thunderbird's configuration editor with the string security.tls, I get the following available settings:

```
security.tls.insecure_fallback_hosts
security.tls.insecure_fallback_hosts.use_static_list
security.tls.unrestricted_rc4_fallback
security.tls.version.fallback-limit
security.tls.version.max
security.tls.version.min
```
security.tls.version.max is set to 3(TLSv2) and security.tls.version.min is set to 1(TLSv0) by default.

Maybe try creating a new profile for Thunderbird then check to see if the security settings are then available when searching the configuration editor.


----------



## Bogdan (Sep 24, 2015)

Let me try to install from mail/thunderbird and I'll post the results.


----------



## Bogdan (Sep 24, 2015)

I'm trying to `make install` but it says  
	
	



```
===>  thunderbird-38.2.0_1 has known vulnerabilities:
thunderbird-38.2.0_1 is vulnerable:
mozilla -- multiple vulnerabilities
...
1 problem(s) in the installed packages found.
=> Please update your ports tree and try again.
=> Note: Vulnerable ports are marked as such even if there is no update available.
=> If you wish to ignore this vulnerability rebuild with 'make DISABLE_VULNERABILITIES=yes'
*** Error code 1

Stop.
make[1]: stopped in /usr/ports/mail/thunderbird
*** Error code 1
```

I did `portsnap fetch ; portsnap extract ; portsnap fetch update`


```
#portsnap update
Ports tree is already up to date.
```
I am stuck here for the moment.


----------



## Bogdan (Sep 24, 2015)

protocelt

Installed from mail/thunderbird and got the same result. No TLS settings in the config editor (except for security.tls.version.max and security.tls.version.min, which I also had when I installed from `pkg`). Pretty much everything is security.ssl.-*. Created a new profile, no change.

`pkg info thunderbird`


```
thunderbird-38.2.0_1
Name  : thunderbird
Version  : 38.2.0_1
Installed on  : Thu Sep 24 21:12:21 EEST 2015
Origin  : mail/thunderbird
Architecture  : freebsd:10:x86:64
Prefix  : /usr/local
Categories  : news net-im mail ipv6
Licenses  :
Maintainer  : gecko@FreeBSD.org
WWW  : http://www.mozilla.com/thunderbird/
Comment  : Mozilla Thunderbird is standalone mail and news that stands above
Options  :
   ALSA  : on
   BUNDLED_CAIRO  : off
   CANBERRA  : on
   DBUS  : on
   DEBUG  : off
   DTRACE  : off
   ENIGMAIL  : on
   GCONF  : off
   GIO  : on
   GNOMEUI  : off
   GSTREAMER  : on
   INTEGER_SAMPLES: off
   LIBPROXY  : off
   LIGHTNING  : off
   LOGGING  : on
   OPTIMIZED_CFLAGS: on
   PGO  : off
   PROFILE  : off
   PULSEAUDIO  : off
   TEST  : off
Shared Libs required:
   libvpx.so.2
   libvorbisenc.so.2
   libvorbis.so.0
   libv4l2.so.0
   libstartup-notification-1.so.0
   libssl3.so.1
   libsqlite3.so.0
   libsmime3.so.1
   libpng16.so.16
   libplds4.so.1
   libplc4.so.1
   libpixman-1.so.0
   libpangoft2-1.0.so.0
   libpangocairo-1.0.so.0
   libpango-1.0.so.0
   libogg.so.0
   libnssutil3.so.1
   libnss3.so.1
   libnspr4.so.1
   libjpeg.so.8
   libintl.so.8
   libicuuc.so.55
   libicui18n.so.55
   libicudata.so.55
   libhunspell-1.3.so.0
   libharfbuzz.so.0
   libgtk-x11-2.0.so.0
   libgthread-2.0.so.0
   libgraphite2.so.3
   libgobject-2.0.so.0
   libglib-2.0.so.0
   libgio-2.0.so.0
   libgdk_pixbuf-2.0.so.0
   libgdk-x11-2.0.so.0
   libfreetype.so.6
   libfontconfig.so.1
   libffi.so.6
   libevent-2.0.so.5
   libdbus-glib-1.so.2
   libdbus-1.so.3
   libcairo.so.2
   libatk-1.0.so.0
   libXt.so.6
   libXrender.so.1
   libXfixes.so.3
   libXext.so.6
   libXdamage.so.1
   libXcomposite.so.1
   libX11.so.6
   libSoundTouch.so.0
Annotations  :
   cpe  : cpe:2.3:a:mozilla:thunderbird:38.2.0:::::freebsd10:x64:1
   no_provide_shlib: yes
```

`uname -a`

```
FreeBSD lion 10.2-RELEASE FreeBSD 10.2-RELEASE #0 r286666: Wed Aug 12 15:26:37 UTC 2015  root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC  amd64
```

Any more ideas?


----------



## Bogdan (Sep 24, 2015)

Got it working.

I set mail.smtpserver.smtp1.try_ssl    0 (the default value was 3). With this setting, it refused to send messages. Then I tried values of 1 and 2 without success. When I set it back to the default value of 3 and restarted the program, I got:


```
version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA bits=256/256
```

I don't know what the problem was (is), but TLSv1.2 is now persistent after a restart.


----------

