Public bug reported: We recently tightened up the SSL ciphers offered by our corporate LDAP server and it broke Thunderbird's LDAP integration. Specifically Thunderbird couldn't connect unless SHA1 ciphersuites were offered by the LDAP server.
Didn't work: prio ciphersuite protocols pfs 1 AES256-SHA256 TLSv1.2 None None 2 AES128-SHA256 TLSv1.2 None None olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES- CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:-SHA1 Did work: prio ciphersuite protocols pubkey_size signature_algoritm trusted ticket_hint ocsp_staple npn pfs 1 AES256-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True None False None None None 2 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True None False None None None 3 AES128-SHA256 TLSv1.2 2048 sha256WithRSAEncryption True None False None None None 4 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 2048 sha256WithRSAEncryption True None False None None None olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES- CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC ** Affects: thunderbird (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1658348 Title: thunderbird's LDAP support requires SHA1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1658348/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs