Sending of the message failed. Peer using unsupported version of the security protocol.
I just did a fresh installation of the current version of Thunderbird. Other machines on our LAN are sending and receiving fine with identical settings, but this machine can only receive mail, but sending gives this error:
Sending of the message failed. Peer using unsupported version of the security protocol. The configuration related to mail.[our domain].com must be corrected.
Clean windows 10 OS install Thunderbird new install version 78.1.0
I tried lowering the as suggested [https://support.mozilla.org/en-US/que.../1295861|here], but that didn't appear to change anything.
All Replies (9)
Whoops, left out the specifics of what I did to try to fix the problem (which didn't work):
I lowered the security.tls.version.min setting from the default 3, to 2 in Config editor, as suggested in the thread here:
Does the problem machine have a different security app from the others? Some AV apps that scan secure connections can interfere with sending, and might produce the kind of error you're seeing. You could test by running in Windows safe mode, which bypasses startup apps like AV. In general, the TB profile folder should be excluded from AV scanning, and in addition, scanning of secure connections should be disabled.
sfhowes said
Does the problem machine have a different security app from the others? Some AV apps that scan secure connections can interfere with sending, and might produce the kind of error you're seeing. You could test by running in Windows safe mode, which bypasses startup apps like AV. In general, the TB profile folder should be excluded from AV scanning, and in addition, scanning of secure connections should be disabled.
The machine only has a base windows 10 installation (up to date as of yesterday), so there's no AV beyond what the windows installer includes. About scanning secure connections, I don't think this machine is configured any differently than the others on the network that are sending ok. Is there a windows 10 firewall or other security feature that could be interfering here? Thanks for the reply.
I don't think Windows Defender is an issue here, although the TB profile folder should be added as an Exclusion in WD settings. Just the same, I would run in Windows safe mode, and double-check server settings for the outgoing smtp, and see that the sending account is using the smtp with the same User Name (if you have multiple accounts in TB).
sfhowes said
I don't think Windows Defender is an issue here, although the TB profile folder should be added as an Exclusion in WD settings. Just the same, I would run in Windows safe mode, and double-check server settings for the outgoing smtp, and see that the sending account is using the smtp with the same User Name (if you have multiple accounts in TB).
I added TB as an exclusion in the firewall. I also shut down the firewall/WD completely and the error persists. Double/triple/quadruple checked the outgoing settings.
Thunderbird no longer supports TLS v1 or 1.1 or SSL3.
I suggest you test your mail server against the web site linked below and see if it actually supports a current version of TLS/SSL. I have seen a topic involving TPG where the provider does not recommend any encryption and does not support modern security.
According to this site, https://revdistribution.com supports TLS 1.0 - 1.3, but not SSL v. 2 & 3.
So, can I lower the security.tls.version.min to 1, or will that fail because 1 isn't supported?
I think what you need to do is change the connection settings to connection security to none.
While the server revdistribution.com supports TLS v1`.2 and 1.3 on the HTTP side of things See https://www.immuniweb.com/ssl/?id=g1AvXtPa , the mail server does not support connection security on it's SMTP side. DNS points to mail.revdistribution.com as being the mail exchanger for that domain. See https://intodns.com/revdistribution.com
Results of SSL/TLS checks on the mail server show. https://www.immuniweb.com/ssl/?id=C0M6FkX0
mail.revdistribution.com port 465 , port 993 and port 25 do not support connection security at all other than TLS V1.0
Changing the supported protocols is like buying a safe and cutting a hole in the side because you can not be bothered to get the key out of the draw. Just set connection security to none until the server can be brought into the current decade security wise.