Closed Bug 1868517 Opened 1 year ago Closed 3 months ago

Remove deprecated trySTARTTLS references and replace with alwaysSTARTTLS, and migrate any accounts using trySTARTTLS to alwaysSTARTTLS.

Categories

(Thunderbird :: Account Manager, task)

Tracking

(thunderbird_esr128 fixed)

RESOLVED FIXED
132 Branch
Tracking Status
thunderbird_esr128 --- fixed

People

(Reporter: vineet, Assigned: mkmelin)

Details

Attachments

(1 file)

Currently trySTARTTLS is still being referenced and used when it has been deprecated. Due to the potential of MITM attacks, it would be appropriate to replace any references with alwaysSTARTTLS, and migrate any accounts that might be using trySTARTTLS.

Some input from a user's perspective.

Also please update the user-facing UI.
It still says STARTTLS. It would be useful if it would inform the user that while it is STARTTLS it differs from the implementation by enforcing encrypted and therefore authenticated connections :)
I didn't realize Thunderbird already did that.

Is there a way for me to distinguish trySTARTTLS in the current UI from alwaysSTARTTLS?

The UI hasn't allowed selecting it in the UI for decades. If you have an ancient profile, the UI will still show it, as "STARTTLS, if available".

Very few users will have this, as it's not been shown in the UI for many many years.

Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED

Which is a good thing. All I'm saying is that the internet still tells you as a user how insecure STARTTLS is. No one tells you that (certain) mail clients implement it securely already.

Attachment #9424236 - Attachment description: Bug 1868517 - Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=#thunderbird-reviewers → Bug 1868517 - Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat
Target Milestone: --- → 132 Branch

Pushed by vineet@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/a7811299d8f8
Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat

Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED

Comment on attachment 9424236 [details]
Bug 1868517 - Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat

[Approval Request Comment]
User impact if declined: I had initially thought we shouldn't uplift. But if we don't uplift, we can't uplift any migrations (easily) and I already have one that's needed in bug 1911951.
Testing completed (on c-c, etc.): c-c, beta
Risk to taking this patch (and alternatives if risky): some small risk that users with ancient profiles using this setting would not have a server supporting STARTTLS in the end, and would have to manually set connection security to plaintext. But they would face it sooner or later nonetheless.

Attachment #9424236 - Flags: approval-comm-esr128?
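
As an added illustration (not code from this bug, its patch, or Thunderbird), the sketch below shows both the MITM concern in the opening comment and the migration risk in the approval request: given the same EHLO reply without STARTTLS, a "try" policy continues in plaintext while an "always" policy stops. The policy names come from the bug title; the function names, result labels and EHLO replies are constructed for this example.

```python
# Added illustration; not Thunderbird code. Policy names come from the bug
# title; function names, result labels and EHLO replies are constructed.
TRY_STARTTLS = "trySTARTTLS"
ALWAYS_STARTTLS = "alwaysSTARTTLS"

# Constructed EHLO replies. The second lacks STARTTLS, which to the client
# looks the same whether the server never supported it or the line was
# removed in transit before any TLS was negotiated.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
)
EHLO_WITHOUT_STARTTLS = "250-mail.example.test\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"


def parse_ehlo(reply):
    """Return the set of extension keywords in a multi-line 250 EHLO reply."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, line in enumerate(lines):
        # Every line is "250-text" except the last, which is "250 text".
        sep = " " if i == len(lines) - 1 else "-"
        if not line.startswith("250" + sep):
            raise ValueError("malformed EHLO line: %r" % line)
        if i > 0 and line[4:].split():  # line 0 carries the server's domain
            keywords.add(line[4:].split()[0].upper())
    return keywords


def decide(policy, reply):
    """Return 'upgrade', 'plaintext' or 'abort' for this policy and reply."""
    if policy not in (TRY_STARTTLS, ALWAYS_STARTTLS):
        raise ValueError("unknown policy: %r" % policy)
    if "STARTTLS" in parse_ehlo(reply):
        return "upgrade"  # send STARTTLS, then do the TLS handshake
    # No STARTTLS offered: 'try' silently continues unencrypted, which is
    # the downgrade; 'always' refuses to send credentials or mail.
    return "plaintext" if policy == TRY_STARTTLS else "abort"


if __name__ == "__main__":
    for reply in (EHLO_WITH_STARTTLS, EHLO_WITHOUT_STARTTLS):
        for policy in (TRY_STARTTLS, ALWAYS_STARTTLS):
            print(policy, sorted(parse_ehlo(reply)), "->", decide(policy, reply))
```

The "abort" result for alwaysSTARTTLS is the case the approval request describes: an account whose server offers no STARTTLS stops connecting until the user changes its connection security by hand.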

Comment on attachment 9424236 [details]
Bug 1868517 - Remove deprecated trySTARTTLS and migrate any accounts using trySTARTTLS to alwaysSTARTTLS. r=leftmostcat

[Triage Comment]
Approved for esr128

Attachment #9424236 - Flags: approval-comm-esr128? → approval-comm-esr128+