Remove deprecated trySTARTTLS references and replace with alwaysSTARTTLS, and migrate any accounts using trySTARTTLS to alwaysSTARTTLS.
Categories
(Thunderbird :: Account Manager, task)
Tracking
(thunderbird_esr128 fixed)
Tracking | Status | |
---|---|---|
thunderbird_esr128 | --- | fixed |
People
(Reporter: vineet, Assigned: mkmelin)
Details
Attachments
(1 file)
48 bytes,
text/x-phabricator-request
|
corey
:
approval-comm-esr128+
|
Details | Review |
Currently trySTARTTLS is still being referenced and used when it has been deprecated. Due to the potential of MITM attacks, it would appropriate to replace any references with alwaysSTARTTLS, and migrate any accounts that might be using trySTARTTLS.
Some input from a user's perspective.
Also please update the user facing UI.
It still says STARTTLS. it would be useful if it would inform the user that while it is STARTTLS it differs from the implementation by enforcing encrypted and therefore authenticated connections :)
I didn't realize Thunderbird already did that.
is there a way for me to distinguish trySTARTTLS in the current UI from alwaysSTARTTLS?
Assignee | ||
Comment 2•4 months ago
|
||
The UI hasn't allowed selecting it in the UI for decades. If you have an anchient profile, the UI will still show it, as "STARTTLS, if available"
Assignee | ||
Comment 3•3 months ago
|
||
Very few users will have this, as it's not been shown in the UI for many many years.
Updated•3 months ago
|
which is a good thing. All I'm saying is that the internet still tells you as a user how insecure STARTTLS is. Noone tells you that (certain) Mailclients implement it securely already.
Updated•3 months ago
|
Assignee | ||
Updated•3 months ago
|
Pushed by vineet@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/a7811299d8f8
Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat
Assignee | ||
Updated•2 months ago
|
Assignee | ||
Comment 6•2 months ago
|
||
Comment on attachment 9424236 [details]
Bug 1868517 - Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat
[Approval Request Comment]
User impact if declined: I had initially thought we shouldn't uplift. But if we don't uplift, we can't uplift any migrations (easily) and I already have one that's needed in bug 1911951
Testing completed (on c-c, etc.): c-c, beta
Risk to taking this patch (and alternatives if risky): some small risk that users with ancient profiles using this setting would not have a server supporting STARTTLS in the end, and would have to manually set connection security to plaintext. But they would face it sooner or later nonetheless.
Comment 7•2 months ago
|
||
Comment on attachment 9424236 [details]
Bug 1868517 - Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat
[Triage Comment]
Approved for esr128
Comment 8•2 months ago
|
||
bugherder uplift |
Thunderbird 128.3.2esr:
https://hg.mozilla.org/releases/comm-esr128/rev/209ced368028
Description
•