Thunderbird fails to connect to server in FIPS mode
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
thunderbird (Ubuntu) |
Fix Released
|
Medium
|
Olivier Tilloy | ||
Xenial |
Fix Released
|
High
|
Olivier Tilloy | ||
Bionic |
Fix Released
|
High
|
Olivier Tilloy | ||
Eoan |
Fix Released
|
Medium
|
Olivier Tilloy | ||
Focal |
Fix Released
|
Medium
|
Olivier Tilloy | ||
Groovy |
Fix Released
|
Medium
|
Olivier Tilloy |
Bug Description
[Impact]
* Thunderbird may become useless after booting into FIPS mode - it refuses to connect to server displaying the following message:
Unexpected response from the server
This document cannot be displayed unless you install the Personal Security Manager (PSM). Download and install PSM and try again, or contact your system administrator.
This seems to be a result of the fact that despite Thunderbird for Ubuntu being with FIPS support disabled there's a piece of code that ignores the build flag and checks for `/proc/
Looks like upstream fix [1] needs to be applied to Thunderbird source under security/nss.
[Test Case]
* Configure an email account in Thunderbird. I was able to reproduce it with a gmail account.
* Install FIPS modules as described in [2].
* Boot into FIPS mode.
* Open Thunderbird.
[Regression Potential]
* I can't identify regression potential - this is clearly a bug fixed upstream by a simple fix.
[Other Info]
* Related Firefox bug: https:/
* I was able to backport this fix and test it - the problem was gone. Xenial build is available in ppa:dgadomski/
[1] https:/
[2] https:/
Changed in thunderbird (Ubuntu Xenial): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in thunderbird (Ubuntu Bionic): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in thunderbird (Ubuntu Focal): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in thunderbird (Ubuntu Groovy): | |
assignee: | nobody → Olivier Tilloy (osomon) |
Changed in thunderbird (Ubuntu Eoan): | |
assignee: | nobody → Olivier Tilloy (osomon) |
tags: | added: patch |
Changed in thunderbird (Ubuntu Groovy): | |
status: | New → In Progress |
Changed in thunderbird (Ubuntu Focal): | |
status: | New → Fix Committed |
Changed in thunderbird (Ubuntu Eoan): | |
status: | New → Fix Committed |
Changed in thunderbird (Ubuntu Bionic): | |
status: | New → Fix Committed |
Changed in thunderbird (Ubuntu Xenial): | |
status: | New → Fix Committed |
It is already included upstream starting from release 75.0b1.