[Bug 1658348] [NEW] thunderbird's LDAP support requires SHA1

[James Troup]

Public bug reported:

We recently tightened up the SSL ciphers offered by our corporate LDAP
server and it broke Thunderbird's LDAP integration.  Specifically
Thunderbird couldn't connect unless SHA1 ciphersuites were offered by
the LDAP server.

Didn't work:

prio  ciphersuite    protocols  pfs
1     AES256-SHA256  TLSv1.2    None  None
2     AES128-SHA256  TLSv1.2    None  None

olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC:-SHA1

Did work:

prio  ciphersuite    protocols              pubkey_size  signature_algoritm       trusted  ticket_hint  ocsp_staple  npn   pfs
1     AES256-SHA256  TLSv1.2                2048         sha256WithRSAEncryption  True     None         False        None  None  None
2     AES256-SHA     TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     None         False        None  None  None
3     AES128-SHA256  TLSv1.2                2048         sha256WithRSAEncryption  True     None         False        None  None  None
4     AES128-SHA     TLSv1,TLSv1.1,TLSv1.2  2048         sha256WithRSAEncryption  True     None         False        None  None  None

olcTLSCipherSuite: NORMAL:-VERS-SSL3.0:-DHE-DSS:-ARCFOUR-128:-3DES-
CBC:-CAMELLIA-128-CBC:-CAMELLIA-256-CBC

** Affects: thunderbird (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Mozilla
Bugs, which is subscribed to thunderbird in Ubuntu.
https://bugs.launchpad.net/bugs/1658348

Title:
  thunderbird's LDAP support requires SHA1

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/thunderbird/+bug/1658348/+subscriptions