summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Goehre <chris@sigxcpu.org>2014-10-22 13:23:54 -0400
committerChristoph Goehre <chris@sigxcpu.org>2014-10-23 12:27:56 -0400
commit915864d0b0771a84726fbbcc1dafb51b397c2720 (patch)
tree6e9e0b0429f43fc09005eb9ed90227ced093f9aa
parent7cfab814f9ca9b2dd378c8240a4d4690e50a35ec (diff)
debian/NEWS: adding note around increased default TLS version 1.2
Closes: #761245
-rw-r--r--debian/NEWS22
-rw-r--r--debian/README.Debian30
2 files changed, 51 insertions, 1 deletions
diff --git a/debian/NEWS b/debian/NEWS
index f69edcc..4a9c26b 100644
--- a/debian/NEWS
+++ b/debian/NEWS
@@ -1,3 +1,25 @@
+icedove (31.2.0-1) unstable; urgency=low
+
+ Mozilla implemented TLS 1.2 in NSS version 3.15.1 and Thunderbird 31.0 uses
+ this as the default. It won't fall back to older protocol versions.
+
+ This means every connection from Thunderbird/Icedove to a mail server will
+ using TLS 1.2 with no fall back if you have configured TLS/SSL or STARTTLS for
+ your connections.
+
+ Some users reported trouble by this behavior. In case you are unable to get
+ or sent any mails anymore from or to your mail server please ensure that
+ your email provider is fully supporting TLS 1.2 if possible.
+
+ There were reports that this causes problems with some providers (Bug
+ #761245). This is usually indicated by:
+
+ "connection to SMTP server was lost in the middle of the transaction."
+
+ For information on how to fix that check README.Debian.
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 15 Oct 2014 18:38:00 +0200
+
icedove (3.0.4-1) unstable; urgency=low
The old profile folder ~/.mozilla-thunderbird will renamed into ~/.icedove on
diff --git a/debian/README.Debian b/debian/README.Debian
index 5160159..6860703 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -14,4 +14,32 @@ upstream project will go to.
As long as Mozilla will provide ESR versions there will be packaged versions of
those inside the various release of Debian.
--- Carsten Schoenert <c.schoenert@t-online.de> Sun, 2 July 2013 21:32:07 +0100
+ -- Carsten Schoenert <c.schoenert@t-online.de> Sun, 2 July 2013 21:32:07 +0100
+
+Downgrading TLS security
+------------------------
+
+If your provider doesn't support TLS 1.2 and you can't make him
+upgrade you can change:
+
+ "security.tls.version.min"
+
+and/or
+
+ "security.tls.version.max"
+
+in about:config (available via "Edit ->> + Preferences -> Advanced ->
+General -> Config Editor"). For details see
+http://kb.mozillazine.org/Security.tls.version.* .
+
+Note that changing these values decreases your transport level
+security. For more details see:
+
+https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS
+https://bugzilla.mozilla.org/show_bug.cgi?id=480514
+https://wiki.mozilla.org/Security/Server_Side_TLS
+http://en.wikipedia.org/wiki/Network_Security_Services
+http://kb.mozillazine.org/Connection_errors_-_SMTP
+https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761245
+
+ -- Carsten Schoenert <c.schoenert@t-online.de> Wed, 15 Oct 2014 18:38:00 +0200