
thunderbird tls handshake not for imap connection

  • 1 reply
  • 0
  • 3 views
  • Last reply by cmhuddart1


Hi, recently Thunderbird stopped being able to connect to mail.talktalk.net. When it connects to another server I see:

   304 14.502182 192.168.0.2 213.120.69.4 TLSv1.2 571 Client Hello

Outbound connection to IMAP server from Thunderbird.

   306 14.515497 213.120.69.4 192.168.0.2 TLSv1.2 1500 Server Hello

Reply from IMAP server.

   308 14.515497 213.120.69.4 192.168.0.2 TLSv1.2 771 Certificate, Server Key Exchange, Server Hello Done

Cert exchange for TLS 1.2, whereas for mail.talktalk.net I see:

   9 146.403246 192.168.0.2 153.92.174.228 TLSv1.3 571 Client Hello
   41 146.440457 153.92.174.228 192.168.0.2 TLSv1.3 1500 Server Hello, Change Cipher Spec, Application Data
   49 146.442019 153.92.174.228 192.168.0.2 TLSv1.3 1385 Application Data
   51 146.452209 192.168.0.2 153.92.174.228 TLSv1.3 134 Change Cipher Spec, Application Data

The cert exchange from hello doesn't start. They will likely blame the client though I am fairly convinced it's or pki cert problem. What the server hello contents contains:

   TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
       Content Type: Change Cipher Spec (20)
       Version: TLS 1.2 (0x0303)
       Length: 1
       Change Cipher Spec Message

My guess is they've enabled the TLS 1.3 protocol but not configured it to work and are relying on a fallback to 1.2. The working connection doesn't initialise as TLS 1.2. Is there a way to force Thunderbird to use a specific TLS version by server?


All Replies (1)


Hi, can someone confirm that the root cause is an incorrect server hello response? If I connect (working IMAP connection) to a server configured for TLS 1.2 I see the following response:

Frame 12: 1500 bytes on wire (12000 bits), 1500 bytes captured (12000 bits) on interface \Device\NPF_{A6ABBF3F-4835-41BB-9C1D-FE553DAF1657}, id 0
Ethernet II, Src: SkyUk_ec:ae:f1 (80:72:15:ec:ae:f1), Dst: RivetNet_18:ed:1d (9c:b6:d0:18:ed:1d)
Internet Protocol Version 4, Src: 213.120.69.1, Dst: 192.168.0.2
Transmission Control Protocol, Src Port: 993, Dst Port: 57371, Seq: 1, Ack: 518, Len: 1446
Transport Layer Security

   TLSv1.2 Record Layer: Handshake Protocol: Server Hello
       Content Type: Handshake (22)
       Version: TLS 1.2 (0x0303)
       Length: 63
       Handshake Protocol: Server Hello
           Handshake Type: Server Hello (2)
           Length: 59
           Version: TLS 1.2 (0x0303)
           Random: bf73444ac65d629b2554b9884babce404dd1582837670d044c8774108446f2ab
           Session ID Length: 0
           Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
           Compression Method: null (0)
           Extensions Length: 19
           Extension: renegotiation_info (len=1)
               Type: renegotiation_info (65281)
               Length: 1
               Renegotiation Info extension
           Extension: session_ticket (len=0)
               Type: session_ticket (35)
               Length: 0
               Data (0 bytes)
           Extension: ec_point_formats (len=2)
               Type: ec_point_formats (11)
               Length: 2
               EC point formats Length: 1
               Elliptic curves point formats (1)
           Extension: extended_master_secret (len=0)
               Type: extended_master_secret (23)
               Length: 0
           [JA3S Fullstring: 771,49199,65281-35-11-23]
           [JA3S: 92b5be817fd08957ff9f1384aa41f438]


Failing connection to imap connection to mail.talktalk.net

Frame 6: 1500 bytes on wire (12000 bits), 1500 bytes captured (12000 bits) on interface \Device\NPF_{A6ABBF3F-4835-41BB-9C1D-FE553DAF1657}, id 0
Ethernet II, Src: SkyUk_ec:ae:f1 (80:72:15:ec:ae:f1), Dst: RivetNet_18:ed:1d (9c:b6:d0:18:ed:1d)
Internet Protocol Version 4, Src: 153.92.174.228, Dst: 192.168.0.2
Transmission Control Protocol, Src Port: 993, Dst Port: 53655, Seq: 1, Ack: 518, Len: 1446
Transport Layer Security

   TLSv1.3 Record Layer: Handshake Protocol: Server Hello
       Content Type: Handshake (22)
       Version: TLS 1.2 (0x0303)
       Length: 122
       Handshake Protocol: Server Hello
           Handshake Type: Server Hello (2)
           Length: 118
           Version: TLS 1.2 (0x0303)
           Random: 6294798c22ce2d0b8ce11f343f85c42943945e412ea87ad7882da911fb508060
           Session ID Length: 32
           Session ID: 5e88d87fcad63a2f5f80cf80e2711d564a3ca32448458f9f891635018d4b0c83
           Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302)
           Compression Method: null (0)
           Extensions Length: 46
           Extension: supported_versions (len=2)
           Extension: key_share (len=36)
           [JA3S Fullstring: 771,4866,43-51]
           [JA3S: 15af977ce25de452b96affa2addb1036]
   TLSv1.3 Record Layer: Change Cipher Spec Protocol: Change Cipher Spec
       Content Type: Change Cipher Spec (20)
       Version: TLS 1.2 (0x0303)
       Length: 1
       Change Cipher Spec Message
   TLSv1.3 Record Layer: Application Data Protocol: Internet Message Access Protocol
       Opaque Type: Application Data (23)
       Version: TLS 1.2 (0x0303)
       Length: 27
       Encrypted Application Data: 40e7b7469dbb3e53588826fb4d349ca927ee6ddf90d24d114f8b19
       [Application Data Protocol: Internet Message Access Protocol]

This is the contents of the server_hello for mail.talktalk.net. Windows 10 supports the specified cipher:

   PS > Get-Tlsciphersuite

   KeyType               : 0
   Certificate           :
   MaximumExchangeLength : 0
   MinimumExchangeLength : 0
   Exchange              :
   HashLength            : 0
   Hash                  :
   CipherBlockLength     : 16
   CipherLength          : 256
   BaseCipherSuite       : 4866
   CipherSuite           : 4866
   Cipher                : AES
   Name                  : TLS_AES_256_GCM_SHA384
   Protocols             : {772}

Is it normal for a TLS 1.3 server_hello to contain TLS 1.2 fields? I would expect a TLS 1.3 payload to have TLS 1.3 element tags within it, not TLS 1.2!
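Added example, not part of the original posts: a small Python parser run over the two ServerHello messages dissected in this thread, showing where the negotiated version is read from. Under RFC 8446 a TLS 1.3 ServerHello keeps `legacy_version` at 0x0303 and carries the selected version in `supported_versions`. The function names and the extension bodies are constructed for illustration; the Random, session ID, cipher suite and extension types are taken from the captures above.

```python
import struct

VERSIONS = {0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}
SUPPORTED_VERSIONS = 43  # extension type; the "43" in the JA3S string above

def parse_server_hello(msg: bytes) -> dict:
    """Parse one ServerHello handshake message (record header stripped)."""
    try:
        if msg[0] != 2:
            raise ValueError("not a ServerHello")
        body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
        legacy = struct.unpack_from("!H", body, 0)[0]
        pos = 2 + 32                  # skip legacy_version and Random
        pos += 1 + body[pos]          # skip the session id
        cipher = struct.unpack_from("!H", body, pos)[0]
        pos += 3                      # cipher suite + compression method
        exts, end = {}, len(body)
        pos += 2 if pos < end else 0  # extensions length (block may be absent)
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            exts[etype] = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
        if pos != end:
            raise ValueError("malformed extensions")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ServerHello") from exc
    # RFC 8446: TLS 1.3 keeps legacy_version at 0x0303 and signals the real
    # version in supported_versions; without that extension legacy applies.
    sv = exts.get(SUPPORTED_VERSIONS)
    chosen = int.from_bytes(sv, "big") if sv and len(sv) == 2 else legacy
    return {"legacy_version": VERSIONS.get(legacy, hex(legacy)),
            "negotiated": VERSIONS.get(chosen, hex(chosen)),
            "ja3s_string": f"{legacy},{cipher}," + "-".join(map(str, exts))}

def build(random_hex, sid_hex, cipher, exts):
    """Rebuild a ServerHello from dissected fields (helper for this example)."""
    ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in exts)
    sid = bytes.fromhex(sid_hex)
    body = (b"\x03\x03" + bytes.fromhex(random_hex) + bytes([len(sid)]) + sid
            + struct.pack("!HBH", cipher, 0, len(ext)) + ext)
    return b"\x02" + len(body).to_bytes(3, "big") + body

# Field values come from the two captures; extension bodies are constructed.
WORKING = build("bf73444ac65d629b2554b9884babce404dd1582837670d044c8774108446f2ab",
                "", 0xC02F,
                [(65281, b"\x00"), (35, b""), (11, b"\x01\x00"), (23, b"")])
FAILING = build("6294798c22ce2d0b8ce11f343f85c42943945e412ea87ad7882da911fb508060",
                "5e88d87fcad63a2f5f80cf80e2711d564a3ca32448458f9f891635018d4b0c83",
                0x1302,
                [(43, b"\x03\x04"), (51, b"\x00\x1d\x00\x20" + bytes(32))])
```

The rebuilt messages have the same handshake lengths (59 and 118) and JA3S strings as the captures, and the mail.talktalk.net hello parses as TLS 1.3 even though its `legacy_version` field reads TLS 1.2.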