Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#20751 closed enhancement (fixed)

enforce stronger ciphers in torbirdy

Reported by: cypherpunks
Owned by: sukhbir
Priority: Low
Milestone:
Component: Applications/TorBirdy
Version:
Severity: Minor
Keywords: torbirdy, thunderbird, TorBirdy0.2.2
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:


The last RFC from 2015 regarding TLS ( makes
recommendations regarding the use of ciphers; these ciphers are just included in TLS v. 1.2.
4.2. Recommended Cipher Suites

Given the foregoing considerations, implementation and deployment of
the following cipher suites is RECOMMENDED:


These cipher suites are supported only in TLS 1.2 because they are
authenticated encryption (AEAD) algorithms [RFC5116].

Maybe it's a good idea for torbirdy to enforce stronger ciphers and tls v 1.2 (TLS v 1.1 was published in 2006 and TLS v1.2 published in 2008) and only to allow weaker ciphers if the user deliberately changes the setting (e.g. in "Torbirdy Preferences", checkbox "Allow weak ciphers and TLS downgrade"). Esp. because torbirdy users always face the risk of a malicious exit node that might try a downgrade attack. And if an email provider in late 2016 still doesn't support the IETF recommendations from 2016 (RFC 7525), maybe it's just not a good idea to use them with torbirdy (by specifically enabling weaker settings, by checking a box, the user should know that it's not the best idea to use this email provider any longer).

Therefore I recommend the following tls/tls-settings for torbirdy's next release.
(I took them from this German site:

security.tls.version.min = 3 enforce tls v 1.2
security.ssl3.* false
security.ssl3.ecdhe_rsa_aes_128_gcm_sha256 true
security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 true

prevent insecure recognition
security.ssl.require_safe_negotiation true
security.ssl.treat_unsafe_negotiation_as_broken true

strict key pinning [1]
security.cert_pinning.enforcement_level 2
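
The settings proposed above can be checked against a profile's prefs file. The following is an added example, not part of the ticket or of TorBirdy's code; it assumes the prefs are available as `user_pref("name", value);` lines (the prefs.js/user.js format), and `parsePrefs`, `auditPrefs` and the sample input are hypothetical names and constructed data.

```javascript
const MIN_TLS = 3; // security.tls.version.min = 3 selects TLS 1.2, per the ticket
const EXACT = {
  "security.ssl.require_safe_negotiation": true,
  "security.ssl.treat_unsafe_negotiation_as_broken": true,
  "security.cert_pinning.enforcement_level": 2,
};
// The only security.ssl3.* suites the ticket leaves enabled.
const ALLOWED = ["security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
                 "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256"];

// Parse user_pref("name", value); lines into a Map (hypothetical helper).
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;/gm;
  for (const [, name, raw] of text.matchAll(re)) {
    if (raw === "true" || raw === "false") prefs.set(name, raw === "true");
    else if (/^-?\d+$/.test(raw)) prefs.set(name, Number(raw));
    else prefs.set(name, raw.replace(/^"|"$/g, ""));
  }
  return prefs;
}

// Return deviations; a pref missing from the file is reported as "unset".
function auditPrefs(text) {
  const prefs = parsePrefs(text);
  const show = (v) => (v === undefined ? "unset" : String(v));
  const out = [];
  const min = prefs.get("security.tls.version.min");
  if (typeof min !== "number" || min < MIN_TLS)
    out.push(`security.tls.version.min: want >= ${MIN_TLS}, found ${show(min)}`);
  for (const [name, want] of Object.entries(EXACT))
    if (prefs.get(name) !== want) out.push(`${name}: want ${want}, found ${show(prefs.get(name))}`);
  for (const name of ALLOWED)
    if (prefs.get(name) !== true) out.push(`${name}: want true, found ${show(prefs.get(name))}`);
  for (const [name, value] of prefs)
    if (name.startsWith("security.ssl3.") && !ALLOWED.includes(name) && value !== false)
      out.push(`${name}: suite outside the allowed set is enabled`);
  return out;
}

// Constructed sample, not taken from a real profile.
const SAMPLE = `
user_pref("security.tls.version.min", 1);
user_pref("security.ssl.require_safe_negotiation", true);
user_pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
user_pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
user_pref("security.ssl3.rsa_des_ede3_sha", true);
`;
console.log(auditPrefs(SAMPLE).join("\n"));
```

Cipher prefs that are absent from the file are not judged, because the file alone does not show which application default applies to them.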


Attachments (1)

mailserver.txt (2.7 KB) - added by cypherpunks 3 years ago.
mailserver overview

Change History (7)

comment:1 Changed 4 years ago by sukhbir

Keywords: TorBirdy0.2.2 added

Thanks for reporting this issue.

We have been meaning to do this and while we do have safer secure defaults than Thunderbird (see below from components/torbirdy.js), I agree we can do better.

  // Thunderbird 23.0 uses the following preference.
  "security.tls.version.min": 1,
  "security.tls.version.max": 3,

and ...

  // Reject all connection attempts to servers using the old SSL/TLS protocol.
  "security.ssl.require_safe_negotiation": true,
  // Warn when connecting to a server that uses an old protocol version.
  "security.ssl.treat_unsafe_negotiation_as_broken": true,

Part of the reason I delayed this was because we need a way for users to be able to use less secure defaults via TorBirdy's preferences and I haven't spent much time thinking on how to do that yet.

Let's tackle this in the 0.2.2 release.

comment:2 Changed 4 years ago by Diapolo

I'd like to support the idea of better and safer defaults!

"security.tls.version.min": 1,
"security.tls.version.max": 3,

I'm able to use 3, 3 and would also be able to use 3, 4 if Thunderbird supports TLS 1.3, so it's bad that these are getting overwritten ;).

comment:3 in reply to:  2 Changed 4 years ago by sukhbir

Replying to Diapolo:

> I'd like to support the idea of better and safer defaults!
>
> "security.tls.version.min": 1,
> "security.tls.version.max": 3,
>
> I'm able to use 3, 3 and would also be able to use 3, 4 if Thunderbird supports TLS 1.3, so it's bad that these are getting overwritten ;).

I am thinking of going with:

"security.tls.version.min": 3,
"security.tls.version.max": 3,

And then have an opt-out if this breaks some mail providers, with the preferences (set via TorBirdy's preferences dialog):

"security.tls.version.min": 1,
"security.tls.version.max": 3,

comment:4 Changed 4 years ago by sukhbir

Resolution: fixed
Status: new → closed

Fixed in c0e12ccb9. Please let me know in case we can enforce even stronger ciphers without breaking major email providers?

Changed 3 years ago by cypherpunks

Attachment: mailserver.txt added

mailserver overview

comment:5 Changed 3 years ago by cypherpunks

I tried to start a list of the most common mail providers that support ECDHE-RSA-AES128-GCM-SHA256 and it turns out that most do. (Actually, I hoped to start it as a wiki page but I couldn't figure out how) -> see attachment

Last edited 3 years ago by cypherpunks

comment:6 Changed 3 years ago by cypherpunks

Just for the sake of completeness, TB 52 adds support for:
