POP3 Proxy TLS Inspection Vs Thunderbird

Hello everyone,

I have a problem with TLS inspection for POP3 on Thunderbird client. If it's enabled everything works fine on Outlook but on Thunderbird I cannot receive e-mails. In TB debug console I got logs looking like that:

  • NS_ERROR_ABORT: Certificate issuer is not built-in,
  • NotSupportedError: CustomElementRegistry.define: 'conversation-browser' has already been defined as a custom element
  • [Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 658" data: no]
  • [Exception... "Component returned failure code: 0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH) [nsIXPCComponents_Utils.readUTF8URI]" nsresult: "0x80520001 (NS_ERROR_FILE_UNRECOGNIZED_PATH)" location: "JS frame :: resource://gre/modules/L10nRegistry.jsm :: L10nRegistry.loadSync :: line 658" data: no]
  • : server does not support RFC 5746, see CVE-2009-3555".

Version of Thunderbird = 78.8.1

If I downgrade TB to 68.2.2 everything works fine..

Maybe some of you have encountered such a problem.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @KrzysztofPazdziora

    Thunderbird (like Firefox) keeps its own certificate store, so you need to import the cert into thunderbird.

    If you open Thunderbird, and are on the main window, press the alt key on your keyboard. You should see the menu bar appear.

    -Go to Tools -> Options.
    -Click Advanced (the gear on the far right.)
    -Click the certificates tab on the right of that window.
    -Click Manage Certificates.
    -In the Authorities tab, click IMPORT.
    -Find your cert, highlight it, and click OK.
    -Check the two boxes to trust this CA to ID web sites and email users.
    -Click OK.

    I'm not entirely sure why Mozilla keeps their own cert store, but for their products, certs need to be imported into them or you'll see this type of error. They won't check the Windows CA store even if the cert is installed there.

    -James Carson
    WatchGuard Customer Support

  • Importing the certificate was the first thing I have done. Looks like the certificate is not a problem. In my opinion, Thunderbird in version 78.8.1 has some kind of problems with TLS inspection.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @KrzysztofPazdziora

    That could potentially be the issue -- If you think that's the case, I'd suggest opening a case with Mozilla's support.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.