Secure connections - Thunderbird

From MozillaZine Knowledge Base
Latest revision as of 21:37, 5 April 2016

This article was written for Thunderbird but also applies to Mozilla Suite / SeaMonkey (though some menu sequences may differ).

You can make a secure connection to the mail server using either the SSL or TLS protocol. Both temporarily encrypt the network traffic between the email client and the mail server but don't protect the message when it's stored on the mail server or in your profile. For that you need to encrypt the message using either S/MIME or the Enigmail extension, or protect the contents of the profile. If you don't make a secure connection, anybody who intercepts the network traffic can read everything, including your password. This is why some mail servers that don't support secure connections provide a secure authentication option. It provides a way to log in to the mail server without sending your password in clear text: it sends a hash code instead of the password. Replay attacks are prevented by having the mail server send a random number or string that the email client uses, along with the password, to generate the hash code.
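The challenge-response scheme described above, worked through as an added example (not code from the article or from Thunderbird): the client answers a server challenge with a keyed HMAC-MD5 digest in the CRAM-MD5 reply format, and a captured reply fails against the next connection's fresh challenge. The username, password and host name are constructed placeholders.

```python
import base64
import hmac
import secrets

# Constructed sample credentials; not from any real account or server.
USERNAME = "alice"
PASSWORD = b"correct horse battery staple"


def cram_md5_response(username: str, password: bytes, challenge: bytes) -> str:
    """Build the base64 CRAM-MD5 reply: "<user> <hex HMAC-MD5(password, challenge)>".

    The password itself never goes on the wire; only the keyed digest of the
    server's one-time challenge does.
    """
    digest = hmac.new(password, challenge, "md5").hexdigest()
    return base64.b64encode(f"{username} {digest}".encode()).decode()


def server_verify(reply_b64: str, challenge: bytes, lookup) -> bool:
    """Server side: decode the reply, recompute the digest from the stored
    password for that user and compare it in constant time."""
    try:
        user, digest = base64.b64decode(reply_b64).decode().split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    password = lookup(user)
    if password is None:
        return False
    expected = hmac.new(password, challenge, "md5").hexdigest()
    return hmac.compare_digest(expected, digest)


def new_challenge() -> bytes:
    """Fresh, unpredictable challenge in the usual <random.timestamp@host> form.
    'mail.example' is a placeholder host, not a real server."""
    return f"<{secrets.token_hex(8)}.{secrets.randbits(32)}@mail.example>".encode()


def replay_is_rejected() -> bool:
    """Show why a per-connection challenge stops replay: a reply captured for
    one challenge verifies once, then fails against a second challenge."""
    users = {USERNAME: PASSWORD}
    first = new_challenge()
    captured = cram_md5_response(USERNAME, PASSWORD, first)
    ok_first = server_verify(captured, first, users.get)
    second = new_challenge()
    ok_replay = server_verify(captured, second, users.get)
    return ok_first and not ok_replay
```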

Thunderbird 2.x provides the following options for a secure connection:

  • Never
  • TLS, if available
  • TLS
  • SSL

TLS is based on the latest version of SSL but it's not interoperable with it. The main reason it exists is so that the IETF can have an open, community-supported standard (SSL was originally developed by Netscape). Both are just as secure. The main difference between the two is that if the mail server supports STARTTLS you can make a normal connection to it and then upgrade it to a TLS connection. Unfortunately this can cause confusion and create a security risk, because neither "TLS, if available" nor "TLS" actually creates a TLS connection from the start. They rely on optional extensions to the POP3, IMAP and SMTP protocols that support STARTTLS.

If you select "TLS", Thunderbird makes a TCP/IP connection to the mail server and sends a command asking what capabilities the mail server has. If the server says it supports STARTTLS, Thunderbird upgrades the connection to a TLS connection. If the mail server doesn't support STARTTLS, the connection fails. This occurs before Thunderbird logs in to the mail server, so your password and messages are always sent over a secure connection.

If you select "TLS, if available", Thunderbird makes a TCP/IP connection to the mail server and sends a command asking what capabilities the mail server has. If the server says it supports STARTTLS, Thunderbird upgrades the connection to a TLS connection. However, if the mail server doesn't support STARTTLS, the connection doesn't fail: Thunderbird continues to use a normal, unencrypted connection. This is a security risk, since Thunderbird doesn't display an icon to indicate whether the connection is secure as a browser does, and you're vulnerable to man-in-the-middle (MITM) attacks.

A man-in-the-middle attack is a type of active eavesdropping in which two parties think they're communicating directly but in reality the attacker is relaying all of the traffic between them. If Thunderbird somehow connected to the attacker's mail server and it altered the capability information to state that your mail server didn't support TLS, the attacker would be able to eavesdrop on your password and messages, because Thunderbird would continue to use a plain TCP/IP connection.
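The capability check and the two policies described in the three paragraphs above, as an added example (not Thunderbird's code): a small parser for the SMTP EHLO, IMAP CAPABILITY and POP3 CAPA replies the article mentions, plus the decision each policy makes when a relay has removed the STARTTLS advertisement. The sample replies and host name are constructed.

```python
import re

# Policies as Thunderbird 2.x labels them.
TLS_REQUIRED = "TLS"
TLS_IF_AVAILABLE = "TLS, if available"


def server_offers_starttls(protocol: str, response: str) -> bool:
    """Parse a capability reply and report whether an upgrade is advertised.
    SMTP: EHLO reply lines '250-X' / '250 X'; IMAP: '* CAPABILITY ...';
    POP3: the lines after '+OK' up to the '.' terminator (keyword STLS).
    """
    lines = [l.strip() for l in response.splitlines() if l.strip()]
    if protocol == "smtp":
        caps = [re.sub(r"^250[- ]", "", l) for l in lines if re.match(r"^250[- ]", l)]
    elif protocol == "imap":
        caps = []
        for l in lines:
            if l.upper().startswith("* CAPABILITY"):
                caps.extend(l.split()[2:])
    elif protocol == "pop3":
        caps = [l for l in lines[1:] if l != "."]
    else:
        raise ValueError(f"unknown protocol {protocol!r}")
    return any(c.split()[0].upper() in ("STARTTLS", "STLS") for c in caps if c)


def decide(policy: str, protocol: str, response: str) -> str:
    """What the client does next under each policy:
    'upgrade'   -> issue STARTTLS/STLS before sending any credentials
    'fail'      -> abort; nothing sensitive has been sent yet
    'plaintext' -> carry on unencrypted (the downgrade the article warns about)
    """
    if server_offers_starttls(protocol, response):
        return "upgrade"
    if policy == TLS_REQUIRED:
        return "fail"
    if policy == TLS_IF_AVAILABLE:
        return "plaintext"
    raise ValueError(f"unknown policy {policy!r}")


# Constructed sample replies (not captured from any real server).
EHLO_HONEST = "250-mail.example\r\n250-STARTTLS\r\n250-AUTH PLAIN LOGIN\r\n250 SIZE 10240000\r\n"
# The same server as seen through a relay that drops the STARTTLS line.
EHLO_STRIPPED = "250-mail.example\r\n250-AUTH PLAIN LOGIN\r\n250 SIZE 10240000\r\n"
IMAP_HONEST = "* CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN\r\na001 OK done\r\n"
POP3_HONEST = "+OK Capability list follows\r\nUSER\r\nSTLS\r\nUIDL\r\n.\r\n"
```

Only the "TLS, if available" row ends in 'plaintext' for the stripped reply; "TLS" fails closed, which is the behaviour the article recommends.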

In reality you have Never, SSL and two mislabeled STARTTLS options. The Thunderbird 3.0 beta has changed the user interface to solve this problem: it offers SSL/TLS (formerly SSL) and STARTTLS (formerly TLS), and "TLS, if available" is no longer offered. For 2.0, it is recommended that if your mail server supports both TLS and SSL you choose SSL, since it's just as secure and it will always either make a secure connection or fail.

Most email providers don't support both a secure connection and secure authentication. It's recommended that you use just a secure connection if you have a choice, since using two different ciphers to double-encrypt data can sometimes make it far less secure. If you're worried about how strong the encryption is, use the config editor to disable the weaker ciphers (basically any that use RC2 or RC4, such as security.ssl3.rsa_rc2_40_md5) so that when the email client and mail server negotiate which cipher to use they'll either pick something strong like 128-bit AES or the secure connection will fail.
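A way to check the cipher step above from a profile's prefs.js (or a user.js) instead of clicking through the config editor, as an added example that is not part of the article: it lists the RC2/RC4 cipher-suite prefs still set to true and rewrites them to false. The sample prefs text is constructed; security.ssl3.rsa_rc2_40_md5 is the pref the article names, and the other security.ssl3 names are cipher-suite prefs of the same era, assumed here for illustration.

```python
import re

# Thunderbird prefs.js stores one  user_pref("name", value);  per line.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(true|false)\);\s*$')
# Cipher-suite prefs in the security.ssl3.* family that use RC2 or RC4.
WEAK_RE = re.compile(r"^security\.ssl3\..*_(rc2|rc4)_")

# Constructed sample prefs.js content. rsa_aes_128_sha is a strong suite
# that must stay enabled; socketType is a non-boolean pref that must be left alone.
SAMPLE_PREFS = """\
user_pref("security.ssl3.rsa_rc2_40_md5", true);
user_pref("security.ssl3.rsa_rc4_128_sha", true);
user_pref("security.ssl3.rsa_aes_128_sha", true);
user_pref("security.ssl3.rsa_rc4_40_md5", false);
user_pref("mail.server.server1.socketType", 3);
"""


def enabled_weak_ciphers(prefs_text: str) -> list[str]:
    """Return the names of RC2/RC4 cipher prefs that are still set to true."""
    weak = []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # non-boolean or otherwise unparsed line
        name, value = m.group(1), m.group(2)
        if value == "true" and WEAK_RE.match(name):
            weak.append(name)
    return weak


def disable_weak_ciphers(prefs_text: str) -> str:
    """Rewrite the prefs text with every RC2/RC4 cipher pref set to false,
    which is what the article's config-editor step does by hand."""
    out = []
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line)
        if m and WEAK_RE.match(m.group(1)):
            line = f'user_pref("{m.group(1)}", false);'
        out.append(line)
    return "\n".join(out) + "\n"
```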

See also

External links

  • Don't count on STARTTLS to automatically encrypt your sensitive e-mails: http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/
  • Google group thread about "TLS, if available": http://groups.google.com/group/mozilla.dev.security/browse_thread/thread/32400c5d823d61dc
  • SSL versus TLS versus STARTTLS: http://novosial.org/openssl/tls-name/
  • What happens on the wire when a TLS / LDAP or TLS / HTTP connection is set up?: http://stackoverflow.com/questions/3660798/what-happens-on-the-wire-when-a-tls-ldap-or-tls-http-connection-is-set-up
  • STARTTLS is called TLS in user preferences (remaining IMAP/POP3 case), bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=350314
  • SMTP config UI should offer option to use message submission port per RFC4409, bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=383877
  • Wikipedia article on SSL and TLS: http://en.wikipedia.org/wiki/Transport_layer_security