I’m confused

What does "server does not support RFC 5746, see CVE-2009-3555" mean? - CLOSED: Server-side problem

Keep getting error message imap.ntlworld.com : server does not support RFC 5746, see CVE-2009-3555 What does it mean and what should I do?
42 people have
this question
+1
Reply
  • Here's some links to the referenced information:
    http://www.ietf.org/rfc/rfc5746.txt
    http://web.nvd.nist.gov/view/vuln/det...

    Here's a link to Mozilla's information about the vulnerability:
    http://www.mozilla.org/security/annou...

    To make a long story short, there is a possibility that the SSL/TLS session you are negotiating with a server -- one that you believe to be "imap.ntlworld.com" -- could be compromised such that the data transmitted over that session is not secure.

    What can/should you do ? Until the "imap.ntlworld.com" server software is updated to include the recommendations in RFC5746, you have two choices:
    1. Proceed with the connection, even though there's a possibility the data you send/receive may not be securely encrypted; or,

    2. Terminate the connection.


    Obviously, the second choice means you can't get your mail. The likelihood that this vulnerability would be used to target the average email user -- as opposed to the Pentagon, or large banks, etc. -- is quite small, but you'll have to use your own judgement as to whether the potential benefits (getting your emails) outweigh the risks (someone else might see that data).

    Meanwhile, you should urge your service provider to update the server software to implement the recommendations in RFC5746.
    • view 2 more comments
    • Andrea Frankel: The error message is just a warning. The connection will still be established and retrieve your mail. Your problem not getting as many messages as you think you should, or of the mail not being on the server or in TB is unrelated to the warning message.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • 1
    from what I understand, and I'm doing a little research myself, comcast gives the same error message. They currently use SSL, not SSL/TLS. The error comes from the TLS portion of the security protocol. Comcast must have an old set up for thunderbird because it tells you to check the SSL box, not the TLS box, which isn't an option, you have to choose both for Thunderbird. Whether Thunderbird will offer a choice of None, SSL, TLS, SSL/TLS, or STARTTLS, I don't know. Comcast uses SSL for pulling messages, and STARTTLS for sending. My guess is your mail provider is using SSL and not SSL/TLS.
    • view 3 more comments
    • I spent an hour on with comcast this evening trying to get an answer, and realistically they have none. The issue seems to be that the certificate isn't being verified.
      mail.comcast.net : server does not support RFC 5746, see CVE-2009-3555
      I read on DSLReport.com that a comcast tech once loaded their certificates in the wrong place so when you connected to the server, that it could not verify, thus giving a compromised returned. I'm not very well versed in this, so I'm just making a wild guess...but I'm thinking that the certificate isn't in the right spot again or it has expired or needs to be updated. I tried to get a certificate name or something that thunderbird could verify against, but was told they don't use a certificate...I find that hard to believe, anyway thanks for the response Michael. Like NTL, Comcast has old instructions on setting up Thunderbird.
    • John: Certificates are used to authenticate the other party, and to provide keys to be used to encrypt data. They are most commonly used by WWW servers supporting the HTTPS protocol ("SSL Certificates"), where the certificate is encoded with the server's fully-qualified domain name and "signed" by a Certificate Authority. The client then compares the name in the certificate with the name of the server it was trying to access, and compares the Certificate Authority information with the "known" Certificate Authorities pre-configured in the application -- and will give an alert if the domain names are not the same or if the Certificate Authority is not recognized (and for a few other, less common, reasons).

      Thunderbird can access servers using SSL/TLS, as well, and would also receive the same certificate information as an HTTP client. If the information in the certificate is invalid (as above), TB will display a "Certificate Exception". Finally, certificates can also be used when using STARTTLS in SMTP sessions, but I have never personally observed a case where the certificate was incorrect -- so I'm not sure what the client's response would be.

      In summary, if the "Connection Security" is set to "None", there's no certificate involved; otherwise, there is (regardless of what the personnel at the ISP told you). However, the contents of the certificate are not what causes the warning about the CVE -- that's strictly determined by the "handshake" performed between the client and server. Conversely, it would be possible to see a "Certificate Exception" even if both the client and server implemented the recommendations of RFC5746.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • ok i am getting the same server does not support RFC 5746, see CVE-2009-3555 for the first time 4 days ago
    i am trying to access lordofultima.com
    i have played the game before and had no issues,
    i believe there was a ffox update snce the last time i played though, maybe other updates, it all set to automatic

    the page simply does no load, i reinstalled java, changed al sorts of settings, still will not load

    all other computers on my network load the site fine,
    any ideas?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • same happends to me for portal.adp.com when i try to view my pay stub. all other computers work fine on network when attepting toview the site. getting same error message too.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • 'Server does not support RFC 5746, see CVE-2009-3555'

    I developed a weird problem in the last week. I cannot login to a bluecross member site from my Windows 7 desktop computer using Firefox or IE. I enter the login and password, hit enter, and the entries disappear but nothing happens.

    https://member.southcarolinablues.com...

    No problems with any other password protected websites.

    However, I can login, using my Vista laptop and either browser, through the same router.

    All settings on the firewall and MS Security Essential are the same on both computers. I updated Java and tried logging it with the firewall and virus protection turned off. Nada.

    Thanks,

    Rangercarol
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • Just for everybody's information: This forum is for Thunderbird support, thus the e-mail client, not for Firefox or Internet Explorer or any other browser. ;-)

    Thus, please don't post information on web sites not supporting RFC 5746 here, that's not the purpose of this topic. It's a problem at the server's end, regardless of the protocol on top of which encryption is used, thus you'll need to contact the server's maintainer to resolve the issue.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • mail.stillwood.us : server does not support RFC 5746, see CVE-2009-3555 what does this mean and how do i fix it?

    This reply was created from a merged topic originally titled
    help : "server does not support RFC 5746".
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • I have Thunderbird installed for a few months now. Since today I receive an error when I try to fetch mail:
    pop3.strato.com : server does not support RFC 5746, see CVE-2009-3555

    What does it mean and how can I solve this?
    (Loes - Netherlands)

    This reply was created from a merged topic originally titled
    Thunderbird suddenly comes up with message: pop3.strato.com : server does not support RFC 5746, see CVE-2009-3555.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • I’m frustrated
    I'm trying to connect with my aol.com email account through my Mozilla Thunderbird program. Lately I haven't been able to and when I look in the "error console" area I get a repeated message that says, "imap.aol.com : server does not support RFC 5746, see CVE-2009-3555" What do I need to do to fix this problem? Please help!

    This reply was created from a merged topic originally titled
    What is "imap.aol.com : server does not support RFC 5746, see CVE-2009-3555?".
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • no se si es alguna mala configuraciĆ³n o si no hay mayor problema pero en la consola de errores aparece el mensaje de error

    pop.mail.yahoo.com : server does not support RFC 5746, see CVE-2009-3555

    This reply was created from a merged topic originally titled
    pop.mail.yahoo.com : server does not support RFC 5746, see CVE-2009-3555.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • If everything has been working fine & suddenly it's not, and YOU have made no changes of ANY kind, it usually means the server is down. Wait a while & try again.

    The way I understand it is this:

    Basically, the ERROR MSG simply means that whoever your mail server is, i.e., yahoo, aol, aim, strato, stillwood, comcast, etc., haven't been taught to play well with others. It's NOT Thunderbird's fault, it's the servers'--THEY want you to use THEIR crappy, web-based email interface so they can serve you ads with your email. The service providers have no good reason to update the server software to implement the recommendations in RFC5746, cuz if they did, you might use another email client (TB) to read your mail and then they couldn't shove ads down your throat.

    What it boils down to is this: your email, through TB is 'insecure'. So don't send PRIVATE info like account numbers (or other stuff you wouldn't want the whole world to see) using THAT particular server with Thunderbird--IF the server provides any sort of email security, it will be in the aforementioned web-based interface.

    I spent a month or so playing footsie with AOL over this, screwing with my TB settings, eventually unable to get AOL mail at all and had to set it all back like it was. They don't care, and nothing's changed.

    It doesn't matter, thumb your nose at 'em and use TB anyway. So there!
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • Thank for the info. I figure it was something like that. I keep trying.
    • view 2 more comments
    • i can navigated in ie but can't do it in Firefox!!!!!
    • I have the same problem but for facebook and AOL.Both give the same error in error: www.facebook.com : server does not support RFC 5746, see CVE-2009-3555 and www.aol.com : server does not support RFC 5746, see CVE-2009-3555. My system was set to run a disk check upon start up. So it let it run but noticed it was doing this at a much slower rate then usual. When finally complete my desktop appeared and I proceeded to open Firefox. I have facebook set as my home page so as soon as Ffox opened I realized something wasnt right so I opened error console and found these error messages. Which is how I arrived at this site. I am not sure how to proceed all text and other content from both AOL and Face Book seems to be in magnified as if it were zoomed. I can acces these sights but it is very difficult to navigate within the sites. What do I do? Does anyone have a definate solution to the problem we seem to all be encountering "Server does not support RFC 5746, see CVE-2009-3555". Thanks for your time and effort concerning this issue.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • I’m exasperated!
    To: rsx11m
    Hope you don't object; I cut & pasted your comment.

    And might I add, "DUH"?
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • RFC 5746 seems to be a lot on this topic. Even though it's in the error console. Also appears on a lot of websites and in several different browsers Fire Fox as well so, it just may be an error telling you it's an un-secure website. So be careful what you send and and type ^_^ (public computer use basics?)
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited

  • I've some problems with font messages. There is always a difference betwenn what I can see on my screen and what I get in my yahoo or gmail mailbox. It's always either too big or too small.
    As I was looking for about that I opened my "console d'erreurs" (I don't know how I have to say it; maybe "errors window") and I can see :
    - "imap.mail.yahoo.com : server does not support RFC 5746, see CVE-2009-3555"
    - "smtp.mail.yahoo.com : server does not support RFC 5746, see CVE-2009-3555"
    and also sometimes :
    "Erreur : childrenNode.childNodes[i]._account is undefined
    Fichier Source : chrome://messenger/content/AccountManager.js
    Ligne : 171"

    What does it mean ? and is there a solution ?
    thanks
    FD
    PS: my setting : Windows 7 x86, thunderbird 5.0, Java latest version.

    This reply was created from a merged topic originally titled
    server does not support RFC 5746, see CVE-2009-3555.
  • (some HTML allowed)
    How does this make you feel?
    Add Image
    I'm

    e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited