Bug 2230037

Summary: TLS broken for POP3 and SMTP connections [9.0.z]
Product: Red Hat Enterprise Linux 9 Reporter: Jan Horak <jhorak>
Component: thunderbirdAssignee: Jan Horak <jhorak>
Status: NEW --- QA Contact: Jiri Prajzner <jprajzne>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 9.0CC: abobrov, amike, desktop-qa-list, erack
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jan Horak 2023-08-08 14:16:42 UTC 
This bug was initially created as a copy of Bug #2229981

I am copying this bug because: 



Description of problem:
TLS is broken on the latest thunderbird release

Version-Release number of selected component (if applicable):
thunderbird-102.14.0-1.el7_9.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Configure thunderbird to use TLS for pop3 or smtp connections
2. Update thunderbird to 102.14.0-1.el7_9.x86_64
3. Launch thunderbird and attempt tls connection

Actual results:
TLS connection fails with the following entry in maillog:

Aug  7 19:06:15 mail_server dovecot: pop3-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.0.1, lip=192.168.0.1, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=<ddk1GlkCBqjAqAAB>

Expected results:
tls connections work as expected

Additional info:
Downgrading to thunderbird-102.13.0-2.el7_9.x86_64 fixes the issue
Disabling SSL/TLS security and sending authentication in plain text (highly undesirable) also works
TLS cert is self signed and imported into thunderbird, with expiry date 2028