Confirm security exception doesn't confirm, keeps popping up
On different laptops, I have 2 POP3 mailboxes configured to thunderbird in a similar manner.
1 account works fine but the other keeps popping up 'confirm security exception ' msgs when i try to download mails. once i confirm, nothing happens and so i click 'get messages' again and again the confirm... will pop up.
What is wrong? How can i fix it? I,ve checked setting for both accounts and they are almost identical except for the email addresses , pw etc
I have uploaded the error popup which I do not find very useful.
Toutes les réponses (1)
I ran a test on the server. https://www.immuniweb.com/ssl/jaskiewicz.us/8ukdQsES/
The issue is The DIFFIE-HELLMAN parameter is weak. The key size (DH parameter) in the Diffie-Hellman key exchange method in the TLS is set to 1024 bits . A longer value of at least 2048 bits is required. This has been a standard security issue for years, with logjam being published as a security vulnerability in 2015.
The issue here is there are two errors. The first is the one providing the dialog. The certificate is simply not trusted so a trust needs to be established to allow the certificate to really be processed. The second is causing the apparent not saving as the connections can not be made because of defective TLS on the server.
Basically either get the server correctly configured or use a connection protocol that uses no connection encryption.
Given the information on the webhosting support page https://webhostingnz.com/help/How-do-I-configure-an-Email-Account/ they recommend no TLS/SSL. This may be Thunderbird attempting to use TLS through it's auto detection, because it is available, just broken.
Personally I suggest you get a host that is connected on security issues and does not expect you to use no encryption because they have not updated their infrastructure to mitigate known security threads that are years and years old.
POP3 Account: Incoming server POP3: mail.'yourdomainname' (replace 'yourdomainname with your actual domain name.) Outgoing Server (SMTP): mail.'yourdomain.com' (replace 'yourdomain.com' with your actual domain name.) Username: (if you are setting up an email account that you have created in your hosting control panel, the username will be the entire email address.) Password: The one you gave the email account when you created it in your control panel. POP3 port: 110 SMTP port: 26 SSL ticked: No Outgoing server requires verification should be ticked, with the same username and password as entered for the incoming server. Your email client should be configured to check for emails every 2 or more minutes, if it is set to constantly check it will result in getting your connection blocked by the server. IMAP Account: Incoming server: mail.'yourdomainname' (replace 'yourdomainname with your actual domain name.) Outgoing Server (SMTP): mail.'yourdomain.com' (replace 'yourdomain.com' with your actual domain name.) Username: (if you are setting up an email account that you have created in your hosting control panel, the username will be the entire email address.) Password: The one you gave the email account when you created it in your control panel. Incoming server port: 143 Outgoing server port: 26 SSL ticked: No
To summarize, the encrypted connection would work and allow an exception except the provider has chosen not to fix the logjam vulnerability from 2015 so Thunderbird will not store the certificate.