Secure connections - Thunderbird

From MozillaZine Knowledge Base
Revision as of 21:26, 29 September 2008 by Tanstaafl (talk | contribs)
This article was written for Thunderbird but also applies to Mozilla Suite / SeaMonkey (though some menu sequences may differ).

You can make a secure connection to the mail server using either the SSL or TLS protocol. Both temporarily encrypt the network traffic between the email client and the mail server, but they don't protect the message when it's stored on the mail server or in your profile. For that you need to encrypt the message using either S/MIME or the Enigmail extension, or protect the contents of the profile. If you don't make a secure connection, anybody who intercepts the network traffic can read everything, including your password. This is why some mail servers that don't support secure connections provide a secure authentication option. It provides a way to log in to the mail server without sending your password in clear text, typically by sending a hash code instead of the password.

Thunderbird 2.x provides the following options for a secure connection:

  • Never
  • TLS, if available
  • TLS
  • SSL

TLS is based on the latest version of SSL but it is not interoperable with it. The main reason it exists is so that the IETF can have an open, community-supported standard (SSL was originally developed by Netscape). Both are equally secure. The main practical difference between the two options is that if the mail server supports STARTTLS you can make a normal (unencrypted) connection to it and then upgrade it to a TLS connection. Unfortunately this can cause confusion and create a security risk, because neither "TLS, if available" nor "TLS" opens a TLS connection directly. They rely upon optional extensions to the POP3, IMAP and SMTP protocols that support STARTTLS.

If you select "TLS", the email client will make a TCP/IP connection to the mail server and send a command to ask what capabilities the mail server has. If it says it supports STARTTLS, Thunderbird will change the connection to a TLS connection. If the mail server doesn't support STARTTLS, the connection fails. This occurs before Thunderbird logs into the mail server, so your password and messages are always sent over a secure connection.

If you select "TLS, if available", the email client will make a TCP/IP connection to the mail server and send a command to ask what capabilities the mail server has. If it says it supports STARTTLS, Thunderbird will change the connection to a TLS connection. However, if the mail server doesn't support STARTTLS, the connection doesn't fail: Thunderbird silently continues to use a normal, unencrypted connection. This is a security risk, since Thunderbird doesn't display an icon to indicate whether the connection is secure the way a browser does, and you're vulnerable to man in the middle (MITM) attacks.

A man in the middle attack is a type of active eavesdropping where two parties think they're communicating directly but in reality the attacker is relaying all of the information between them. If Thunderbird somehow connected to the attacker's mail server and it changed the capability information to state that your mail server didn't support TLS, the attacker would be able to eavesdrop on your password and messages, because Thunderbird would continue to use a plain TCP/IP connection.
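The negotiation described above, as an added example that is not part of the original article: it parses constructed SMTP, IMAP and POP3 capability replies (not captured from any real server) and shows how each Thunderbird setting reacts when the STARTTLS advertisement is present, and when it has been removed from the reply as in the attack just described.

```python
"""Simulate how Thunderbird 2.x's connection-security settings react to the
capability reply of a mail server, including one with STARTTLS stripped out."""
import re

# Constructed sample replies; hostnames and capability sets are made up.
SMTP_EHLO_OK = ("250-mail.example.invalid\r\n250-SIZE 10240000\r\n"
                "250-STARTTLS\r\n250 AUTH PLAIN LOGIN\r\n")
# Same reply with the STARTTLS line removed, as a relaying attacker could do.
SMTP_EHLO_STRIPPED = ("250-mail.example.invalid\r\n250-SIZE 10240000\r\n"
                      "250 AUTH PLAIN LOGIN\r\n")
IMAP_CAPABILITY_OK = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\na001 OK done\r\n"
IMAP_CAPABILITY_STRIPPED = "* CAPABILITY IMAP4rev1\r\na001 OK done\r\n"
POP3_CAPA_OK = "+OK\r\nUSER\r\nSTLS\r\n.\r\n"


def advertises_starttls(protocol, reply):
    """True if the capability reply offers STARTTLS (called STLS in POP3)."""
    lines = reply.splitlines()
    if protocol == "smtp":
        # EHLO reply: one capability per line, "250-" or "250 " prefix.
        return any(re.match(r"250[- ]STARTTLS$", line) for line in lines)
    if protocol == "imap":
        caps = [line for line in lines if line.startswith("* CAPABILITY")]
        return any("STARTTLS" in cap.split() for cap in caps)
    if protocol == "pop3":
        return "STLS" in lines
    raise ValueError(f"unknown protocol {protocol!r}")


def negotiate(mode, protocol, reply):
    """Outcome of the connection for a given setting: 'secure', 'plaintext' or 'fail'."""
    if mode == "SSL":
        return "secure"      # encrypted from the first byte; no capability step
    if mode == "Never":
        return "plaintext"
    if advertises_starttls(protocol, reply):
        return "secure"      # client upgrades before sending the password
    if mode == "TLS":
        return "fail"        # refuses rather than downgrade
    if mode == "TLS, if available":
        return "plaintext"   # silent downgrade: password goes in the clear
    raise ValueError(f"unknown mode {mode!r}")


if __name__ == "__main__":
    for mode in ("TLS", "TLS, if available"):
        for name, reply in (("intact", SMTP_EHLO_OK), ("stripped", SMTP_EHLO_STRIPPED)):
            print(f"{mode:18} smtp {name:8} -> {negotiate(mode, 'smtp', reply)}")
```

Only the "TLS" and "SSL" settings guarantee that a missing or removed STARTTLS advertisement ends the session instead of the password being sent unencrypted.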

In reality you have Never, SSL and two mislabeled STARTTLS options. Thunderbird 3.0 beta 2 is supposed to change the user interface to solve this problem. It's recommended that if your mail server supports both TLS and SSL you choose SSL, since it is just as secure and it will always either make a secure connection or fail.
