After upgrading my Thunderbird to version 38.1.0, it couldn't "speak" with my mail server (Debian 8, ISPConfig - everything freshly updated). In the error console of Thunderbird the error reported was:

"Error: An error occurred during a connection to mail.blahblah.gr:143. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)".

The whole story has to do with weaknesses of the TLS protocol (https://weakdh.org/).

The easy workaround is to make a couple of configuration changes in Thunderbird, as described here: http://forums.mozillazine.org/viewt...id=26db6c9cd3c3321aaec6ecb3e176d19f#p14239367

The real solution would be to configure, on the server side, all TLS-dependent services not to use the "weak" DHE_EXPORT ciphers. Is anyone aware of what configuration changes need to be done? As lots of people are using Thunderbird, this problem is going to affect lots of ISPConfig installations in the next days..

tsapi
Please try if the SSL cipher changes described in this document are sufficient to avoid the warning: https://www.howtoforge.com/how-to-secure-your-ispconfig-3-server-against-the-poodle-ssl-attack
There are some differences between what is described in the message and what I actually did (had to do):

1. In /etc/apache2/mods-available/ssl.conf the actual config line is
   SSLProtocol all -SSLv3
   and I edited it to
   SSLProtocol all -SSLv2 -SSLv3

2. In /etc/courier/pop3d-ssl, should the configuration entry be POP3_STARTTLS=YES, and NOT POP3STARTTLS=YES (as mentioned in the message)?

If my assumption is correct, then the message (instructions) should maybe be edited to avoid misunderstandings.

Anyway, I made all the changes described in the message, but Thunderbird still doesn't "work", with the same error message.

tsapi
Oh well, the whole problem I am describing is the logjam attack, after all.. And there is already a tutorial on howtoforge: https://www.howtoforge.com/tutorial...-and-ubuntu-server-against-the-logjam-attack/

But.. what changes need to be done in the configuration of courier? The above-mentioned tutorial refers only to dovecot..

TIA, tsapi