Mozilla 도움말 검색

고객 지원 사기를 피하세요. 저희는 여러분께 절대로 전화를 걸거나 문자를 보내거나 개인 정보를 공유하도록 요청하지 않습니다. "악용 사례 신고"옵션을 사용하여 의심스러운 활동을 신고해 주세요.

자세히 살펴보기

Digital Signatures are maked as not valid in TB 115.1.0 (64-bit) Windows

  • 7 답장
  • 3 이 문제를 만남
  • 136 보기
  • 최종 답변자: christ1

more options

In TB 115.1.0 (64-bit) on Windows digital signature are maked as not valid for an unknown reason. This happens at least with emails send from Outlook clients. In TB 102.14.0 (64-bit) on Windows this digital signatures were shown as valid. However, digitsal signatures of emails send from other clients (e.g. Thunderbird, Nine from 9folders) are shown as valid.

In TB 115.1.0 (64-bit) on Windows digital signature are maked as not valid for an unknown reason. This happens at least with emails send from Outlook clients. In TB 102.14.0 (64-bit) on Windows this digital signatures were shown as valid. However, digitsal signatures of emails send from other clients (e.g. Thunderbird, Nine from 9folders) are shown as valid.
첨부된 스크린샷

선택된 해결법

Slightly more updated info at https://blog.thunderbird.net/2023/10/thunderbird-115-and-signatures-using-the-obsolete-sha-1-algorithm/

Basically can still accept SHA-1 signatures if you have to by setting mail.smime.accept_insecure_sha1_message_signatures to true in the Config Editor.

Would be nice if we could still see the signer's certificate as we can with all other signature errors (e.g. changed content by an intermediate server, sender address mismatch, etc) but that would be a bug report.

문맥에 따라 이 답변을 읽어주세요 👍 0

모든 댓글 (8)

more options

I have to wonder if it is the email that is not valid as per the discussion here https://thunderbird.topicbox.com/groups/e2ee/T73970314d54cdfdb-Me264daf5de25d4c964ff3462

more options

The send and received emails are exactly the same (despite the additional headers" Received: from ...). My issues is with validating the signature of receiving emails.

more options

It looks like you're having an issue with digital signatures not being recognized as valid in Thunderbird 115.1.0 on Windows, especially with emails sent from Outlook clients. It's great that you've noticed this change from Thunderbird 102.14.0. This could be due to changes in how digital signatures are handled in the newer version. To troubleshoot, try checking Thunderbird's security settings and ensure that any required certificates are installed and up-to-date. Remember, digital signature verification involves a complex process, so a little digging might be needed to pinpoint the issue.

more options

The certificates are installed and up-to-date and the security settings are the same on both versions. In the meantime I tried with an encrypted message which I sent to myself. Decrypting worked, but the error message for the signature now says that "The messge was signed using an encryption strength that this version of your software does not support."

I use an RSA key with key size 2048, signature algorithm SHA-256 with RSA Encryption Version 3.

more options

Is there anything related in the Error Console (CTRL-Shift-J)?

more options

The error console shows only some warnings about ignored declarations like "mso-style-type" etc.

I did some further testing with the hash algorithms in Outlook and I saw that the signatures of emails using SHA-256, SHA-384 and SHA-512 for singing are validated by Thunderbird 115.1.0.

The problem exists only for signatures when Outlook uses the SHA-1 for signing, which unfortunately seems to be the default.

more options
The problem exists only for signatures when Outlook uses the SHA-1 for signing, ...

See https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/

... which unfortunately seems to be the default.

I don't know whether SHA-1 signatures are the default for Outlook, but it's certainly configurable. Having said that, I do find Outlooks S/MIME handling very weird to say the least. And it often does not find a recipients certificate for encryption, even though it's clearly there.

more options

선택된 해결법

Slightly more updated info at https://blog.thunderbird.net/2023/10/thunderbird-115-and-signatures-using-the-obsolete-sha-1-algorithm/

Basically can still accept SHA-1 signatures if you have to by setting mail.smime.accept_insecure_sha1_message_signatures to true in the Config Editor.

Would be nice if we could still see the signer's certificate as we can with all other signature errors (e.g. changed content by an intermediate server, sender address mismatch, etc) but that would be a bug report.

글쓴이 velosol 수정일시