How to configure Thunderbird to allow TLS negotiation to a 256 bit cipher instead of only 128 bit?
Hello,
I'm using Thunderbird 52.2.1 (64-bit) on FreeBSD 11. Thunderbird is configured to use an outgoing email server, node1, running postfix 2.6.6 that asks for a client certificate (smtpd_tls_ask_ccert = yes). I've installed an email certificate in Thunderbird to use for client authentication with the email server. The authentication is successful. The connection is trusted. However, the cipher is only 128 bit.
Here are the entries from the maillog: Sep 20 10:38:00 node1 postfix/smtpd[25302]: connect from unknown[256.58.99.231] Sep 20 10:38:00 node1 postfix/smtpd[25302]: setting up TLS connection from unknown[256.58.99.231] Sep 20 10:38:00 node1 postfix/smtpd[25302]: unknown[256.58.99.231]: TLS cipher list "ALL:+RC4:@STRENGTH:!aNULL" Sep 20 10:38:00 node1 postfix/smtpd[25302]: unknown[256.58.99.231]: Trusted: subject_CN=bill_sa@mydomain.us, issuer=My EmailCA Certificate, fingerprint=45:A0:95:08:6D:4D:5C:10:3F:87:C6:8D:A6:BB:8B:79 Sep 20 10:38:00 node1 postfix/smtpd[25302]: Trusted TLS connection established from unknown[256.58.99.231]: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
The email server, node1, supports trusted TLS connections using 256 bit ciphers: Sep 5 15:49:08 node1 postfix/smtpd[26645]: Trusted TLS connection established from mxdalpx07.wellsfargo.com[159.45.87.83]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits) Sep 5 23:24:17 node1 postfix/smtpd[30623]: Trusted TLS connection established from shvf11.jpmchase.com[159.53.46.148]: TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)
In fact most (~70%) of TLS connections (Trusted, Untrusted, and Anonymous) are using a 256 bit cipher.
In case you think the OS is suspect, here is a fresh example of an outgoing email sent by my brother using Thunderbird on Windows 10 (without an email certificate, so the connection is anonymous):
Sep 20 11:43:08 node1 postfix/smtpd[26344]: connect from 256-231-157-216.mpls.qwest.net[256.231.157.216] Sep 20 11:43:08 node1 postfix/smtpd[26344]: setting up TLS connection from 256-231-157-216.mpls.qwest.net[256.231.157.216] Sep 20 11:43:09 node1 postfix/smtpd[26344]: Anonymous TLS connection established from 256-231-157-216.mpls.qwest.net[256.231.157.216]: TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)
Is there a way to configure Thunderbird so it will negotiate the TLS connection to a stronger cipher (256 bit), in general, but my interest is specifically for the case where a client certificate is used?
Thanks, Bill
Wubrane rozrisanje
Thinking about it, the term "lowest common denominator" probably is somewhat misleading.
I think this describes it more accurately: In TLS the client sends a list of supported cipher suites, ordered from most preferred to least preferred. The server also has a list of supported cipher suites ordered by preference, and selects its most preferred cipher suite that the client also supports.
Tutu wotmołwu w konteksće čitać 👍 0Wšě wotmołwy (4)
The cert plays no role in negotiating the TLS connection with the server, it's strictly for authentication purposes. The server determines the cipher suite to be used for the TLS connection. It is the lowest common denominator supported by both, Thunderbird, and the server.
Why the server chooses the cipher suite it does, I don't know. Since you do seem to have access to the server logs, you can probably find out.
Did you change any TLS preferences in Thunderbird via about.config?
You may also look at the Thunderbird error console if that gives any clues. Ctrl-Shift-J
Also, take a look at this support topic. https://support.mozilla.org/en-US/questions/1116781
Thanks for your reply.
The server's TLS cipher list was ALL:+RC4:@STRENGTH:!aNULL.
I didn't think about the config editor until after posting this question. All the security.ssl3.* preferences, which appear to be the supported ciphers, were defaulted to true.
The piece that I wasn't aware of was "lowest common denominator". The first cipher in the preferences security.ssl3.* list was security.ssl3.dhe_rsa_aes_128_sha. The maillog above shows that is the cipher that the mail server settled on.
I found a link, https://www.privacy-handbuch.de/handbuch_31k.htm (Google translate helps) that suggested settings for Thunderbirds security preferences. I made the suggested changes, but that didn't work with my mail server. That's something I can investigate.
Then I saw your post. The "lowest common denominator" part seems to be the key. I should be working on the mail server configuration, not Thunderbird, changing the mail server's postfix smptd settings to require the better ciphers. The email clients would be (forced into) using a more secure connection without the users having to configure them.
Thanks, Bill
Wubrane rozrisanje
Thinking about it, the term "lowest common denominator" probably is somewhat misleading.
I think this describes it more accurately: In TLS the client sends a list of supported cipher suites, ordered from most preferred to least preferred. The server also has a list of supported cipher suites ordered by preference, and selects its most preferred cipher suite that the client also supports.
The answer to my original question is:
bring up the 'Thunderbird Preferences' window, click on the 'Config Editor' button accept the risk search on security.ssl3. the first preference in the list is: security.ssl3.dhe_rsa_aes_128_sha ( a 128-bit cipher) set it to false the second preference in the list is: security.ssl3.dhe_rsa_aes_256_sha (a 256-bit cipher)
with that change in settings, the email server negotiated a TLS connection using the second preference which is a 256-bit cipher.
That is the simplest answer to my question.
It may be advisable to continue setting preferences for ciphers to false until the set suggested in the www.privacy-handbuch.de link above are arrived at. security.ssl3.dhe_rsa_aes_256_sha was not in that list.
Since I was looking for a more secure cipher, this would probably be a better answer to my question.
Since I didn't understand the negotiation between the email server and Thunderbird in setting up a TLS connection, I was looking to fix the poor selection of cipher by configuring Thunderbird.
Since I manage the postfix email server, It appears that better choice is to configure postfix's main.cf to "harden the SSL connection". I will restore Thunderbird to its original configuration and try the postfix settings specified in https://bettercrypto.org/static/applied-crypto-hardening.pdf.
Thanks for your help is getting me to this understanding.
Bill