[Desktop-packages] [Bug 1878155] Re: Thunderbird fails to connect to server in FIPS mode

Wed, 13 May 2020 06:31:24 -0700 

** Changed in: thunderbird (Ubuntu Focal)
       Status: New => Fix Committed

** Changed in: thunderbird (Ubuntu Eoan)
       Status: New => Fix Committed

** Changed in: thunderbird (Ubuntu Bionic)
       Status: New => Fix Committed

** Changed in: thunderbird (Ubuntu Xenial)
       Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1878155

Title:
  Thunderbird fails to connect to server in FIPS mode

Status in thunderbird package in Ubuntu:
  Fix Committed
Status in thunderbird source package in Xenial:
  Fix Committed
Status in thunderbird source package in Bionic:
  Fix Committed
Status in thunderbird source package in Eoan:
  Fix Committed
Status in thunderbird source package in Focal:
  Fix Committed
Status in thunderbird source package in Groovy:
  Fix Committed

Bug description:
  [Impact]

   * Thunderbird may become useless after booting into FIPS mode - it
  refuses to connect to server displaying the following message:

  Unexpected response from the server

  This document cannot be displayed unless you install the Personal
  Security Manager (PSM). Download and install PSM and try again, or
  contact your system administrator.

  This seems to be a result of the fact that despite Thunderbird for
  Ubuntu being with FIPS support disabled there's a piece of code that
  ignores the build flag and checks for `/proc/sys/crypto/fips_enabled`
  status anyway.

  Looks like upstream fix [1] needs to be applied to Thunderbird source
  under security/nss.

  [Test Case]

   * Configure an email account in Thunderbird. I was able to reproduce it with 
a gmail account.
   * Install FIPS modules as described in [2].
   * Boot into FIPS mode.
   * Open Thunderbird.

  [Regression Potential]

   * I can't identify regression potential - this is clearly a bug fixed
  upstream by a simple fix.

  [Other Info]
   
   * Related Firefox bug: https://bugs.launchpad.net/bugs/1843044
   * I was able to backport this fix and test it - the problem was gone. Xenial 
build is available in ppa:dgadomski/thunderbird.

  
  [1] 
https://hg.mozilla.org/projects/nss/raw-rev/55ba54adfcaea2f984a999a511eec5047462eb57
  [2] https://docs.ubuntu.com/security-certs/en/fips

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1878155/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to