TB Version 78.4 Incompatible with Earthlink ISP EMail Servers or visa versa
Immediately after updating TB to Version 78.4 my email accounts with Earthlink and Comcast ISP's stopped functioning (incoming and outgoing). I have used TB for over 5 years and been running IMAP on all my email accounts with previous versions of TB without any issues. After trying fixes found on support forums (i.e. changing config setting security.tls.version.min from 3 to 1) I was able to get my Comcast accounts working but not my Earthlink account (which is my primary account). After 1 1/2 hours with Earthlink Tech support, I was told I needed to reinstall TB with the previous version that worked. For me this is unacceptable. Why use a specific Email client if new versions do'nt work with my ISP's or I need to tweak config files. This should all be transparent to the user. Can anyone help me with fixing my problem. Thanks.
Wšě wotmołwy (7)
One person solved it https://support.mozilla.org/en-US/questions/1310338#answer-1362433 - which unfortunately is not great security. But it does suggest, despite claims to the contrary, that this is still a TLS or other auth issue with earthlink.
TLS 1.2 is a decade old - mail providers should have been on board long ago.
also solved at https://support.mozilla.org/en-US/questions/1311285
On 11/24 or 11/25 again, mysteriously; inbound downloads and outbound send for my Earthlink primary email account started functioning properly again.I have changed nothing since my initial fix change to config setting security.tls.version.min from 3 to 1. It has been 2 to 3 days now and all is still functioning correctly. Neither Earthlink ISP or TB team have indicated or acknowledged any changes. Interesting how these providers and players seem to be covertly making changes and neither admitting they were the problem. Must be an industry pride thing. I vaguely remember something about this from my days working in computer industry. The hardware guys say It's the software guys problem .... the software guys say it's the hardware guys problem. Someone had to change something. Nice going guys. And the user is at the mercy of both of them. Hmmmm.... Thanks to whoever fixed this.
> On 11/24 or 11/25 again, mysteriously; inbound downloads and outbound send for my Earthlink primary email account started functioning properly again.I have changed nothing since my initial fix change to config setting security.tls.version.min from 3 to 1. It has been 2 to 3 days now and all is still functioning correctly. Neither Earthlink ISP or TB team have indicated or acknowledged any changes.
Check help > troubleshooting > "show updates history" and you can see for yourself whether thunderbird changed.
Another possibility is something changed in your AV product, which I think you have not identified.
Thanks for your help and all the tips Wayne Mery. I have checked TB versions, to current 78.5.0 version, since the problem began and nothing in release notes indicated any changes relative to the problem. I turned off AV product every time I changed something and that did not correct the problem. Although I changed 'security.tls.version.min' from 3 to 1, that did not correct the problem and sfhowes posted a response on 10/25/20:
'If Earthlink's mail servers don't support TLS 1.2, you can change a preference in TB 78 to make it work with their servers: https://support.mozilla.org/en-US/questions/1295861 but if the connection security is 'none', the TLS version shouldn't matter.'
I changed the security settings to Connection security - None' and Authentication method - Password, transmitted insecurely' (and are still on that setting) and that did not fix the problem. So the TLS version issue 'shouldn't matter' and should have eliminated the problem with Earthlink, but it didn't. So this is my reasoning for calling all this 'mysterious'. Bottom line; Earthlink appears to not support TLS version 1.2 and appears the TB team probably knew or should have known there were Email ISP's that didn't support TLS version 1.2 but went ahead and eliminated support anyway for TLS version 1.1 in new TB versions without any notification to TB users. So back to the point in my original post of 10/23/20 'This should all be transparent to the user.' It was not transparent, a major issue, and prevented the use of my primary Email account for 5 weeks. Again, thanks to whoever mysteriously fixed the problem.
Agreed, Thunderbird faulting and not telling the user why is far from ideal.
But let's be clear about the deprecation, it would be irresponsible to support older, vulnerable TLS and likewise irresponsible to let you think it would be OK.
- TLS 1.2 has been available for a decade, so there is no excuse for a provider to not support it. https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.2
- mail server operators had a good two years notice that this would happen. "In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020.[11]". https://en.wikipedia.org/wiki/Transport_Layer_Security#TLS_1.0 So TLS 1.0 and 1.1 were declared "not safe" as early as 2018, and in 2020 would be going away. So the fact is some mail providers have dragged their feet and put their users at significant risk.
Some references:
- https://www.quora.com/Is-TLS-1-1-safe
- https://www.funio.help/hc/en-us/articles/360000470208-TLS-v1-0-1-1-deprecation-and-TLS-v1-2-implementation
- https://threatpost.com/riskrecon-the-tls-1-2-deadline-is-looming-do-you-have-your-act-together/157296/
Thanks for the help and history lesson Wayne. If not for people like you I would not understand how all the puzzle pieces fit. I'm just as frustrated with Earthlink and there inability to support current security technology (and have communicated that to them) as I am with TB for not a least a heads up. Just like Microsoft does when they discontinue support for an older OS. At least publicly acknowledge what your doing as opposed to just throwing out changes (and possibly creating major user problems, like my email being unusable for 5 weeks) because you think you are technologically justified. Both these service suppliers need to pull their heads out of the 'code' and rules and get into the real world (maybe even a little inter-industry communication, please). From being a part of this industry for 35 years (1972-2007), this whole debacle and my frustration is more about professionalism and good customer service. If you want to play with the big boys you need treat your customers right. Both these service suppliers have proven how small and insignificant they really are. This was not professional and certainly not good customer support (on both sides of this debacle) period! Thanks again for your support.