re :I am not comfortable sharing my email provider with a stranger on a public forum. I have already confirmed with my ISP that there is no issue on their end and their web-based mail is working fine.

Yes, you will find email provider techies are only concerned with the webmail. However that is irrelevant because webmail is not using imap servers. I am frequently helping people who have 'talked to their email providers' who say all is ok and those tech advisers are not always correct when it comes to something unrelated to webmail.

One of the most basic requirements of helping people with connection issues is knowing what that person is currently using. Server Settings info is not exactly personal. (not your email address nor any passwords), but you can hardly expect people to help you if they have no idea what server set up you are using. But you are using insecure port 143, does your email provider not offer the secure ports 993 or 995?

re ;That actually worked - and it also erased every single folder except for my inbox. As it is an imap account, I suggest you attempt to subscribe to see folders. Right click on imap account name in folder pane and select 'Subscribe' Click on 'Refresh;' button reselect all folders you require and click on 'Subscribe' click on OK.

I have the same problem. It has nothing to do with Kaspersky, I don't have Kaspersky.

    Port 143
    Connection Security : none
    Authentication method: normal password.

This works. It is impossible to work with port 993 and SSL/TLS. I found that de folder subscription list is empty!!! No IMAP folders visible! Refresh doesnot help. I Uninstalled V78 and reinstalled V68. No data-loss. I am lucky because I have a test system.

A POP-account works flawless. Gmail account works fine.

Anybody ideas?

KeMo What server has the problem?

I have same issue with a pop account using server name: mail.livemail.co.uk

I'm trying to get the attention of the developers, but they obviously need to know what servers are having the issue.

I'm trying to get people who experience this issue on update to 78 to tell me what server they use as that info is not exactly a personal thing and loads of people use same servers and the settings are publically available, but if people do not tell me then I'm fighting a losing battle as the devs will not see this as a Thunderbird problem (assuming that it is). I need all the help I can get.

It is not a problem of the server (at least not for TB 68.11.0). I have 2 other systems running on TB 68.11.0 (993 and SSL/TLS and normal password) and they work fine. Webmail also works fine. (Servers are in the Netherlands from Hosting2go, typical: "serverXX.hosting2go.nl", XX is the servernumber.) The sending of mail works, but the problem is that the program cannot copy (write) the mail to the imap-folder "sent" and then the program hangs. Then, when stopping this action, the program wants to write the mail to "concepts" because it thinks that the mail isn't sent. Also writing to the imap-folder "concepts" doesnot work. In the end you can store it locally. This is not the idea of IMAP.

I Think it is a bug in the program. I tried to install TB 78.1.0 over TB 68.11.0 on a new machine; it didnot work. I tried TB 78.1.0 on a clean install W10-home on an old machine; same error. I tried TB 78.0.1 and TB 78.1.0, both errors. I literally copied the settings, having 2 screens next to each other.

Annoying is that the Google agenda is not working anymore, but that is not a disaster, plenty of other solutions.

anonpleaseanon

You mentioned this did not work:

• Port 143
• Connection Security : STARTTLS
• Authentication method: Encrypted Password

Am I correct in understanding this setting does not work either ?

• Port 143
• Connection Security : STARTTLS
• Authentication method: normal password.

I have a 'Fasthost' account using server name 'mail.livemail.co.uk'

I have a pop account and it fails to function in Thunderbird 78.1.0. I had to change the some of the server settings. Pop account Port: 110 Connection Security: STARTTLS

Imap account: Port: 143 Connection Security: STARTTLS

But I believe I know the reason for this. Thunderbird 78 has stopped out of date use of SSLv3 and TLSv1

I checked settings for mail.livemail.co.uk:995 at this website https://www.immuniweb.com Results say: The server has TLS 1.0 enabled. It is non-compliant with NIST since SP 800-52 REV. 2 and non-compliant with PCI DSS since the 30th of June 2018. Non-compliant with PCI DSS and NIST The TLS engine does not support a TLS version newer than TLSv1.0 and is outdated. Non-compliant with HIPAA and NIST

So actually, Thunderbird is not really to blame as it is keeping up with security standards. I have sent an email to Fasthosts asking them what is going on and why they are not using up to date standard.

As I have no idea what server you are using, so I cannot verify anything, but if you use the link above then you may be able to test it yourself. Perhaps you are experiencing the same as me. The server you use is basically not up to date. Maybe it is worth getting in contact with them and telling them the problem.

re :t is not a problem of the server (at least not for TB 68.11.0).

No, it won't be because the out of date use of SSLv3 and TLSv1 is still enabled in version 68.11.0 But Thunderbird removed it in version 78.1.0

Learned a lot the last 10 minutes! Thanks.

Summary of server51.hosting2go.nl:993 (IMAPS) SSL Security Test

The Score was "F", need to say more?

The server has TLS 1.0 enabled. It is non-compliant with NIST since SP 800-52 REV. 2 and non-compliant with PCI DSS since the 30th of June 2018. Non-compliant with PCI DSS and NIST

TLSv1.0 TLS_RSA_EXPORT_WITH_RC4_40_MD5 Non-compliant with PCI DSS requirements TLS_RSA_WITH_RC4_128_MD5 Non-compliant with PCI DSS requirements TLS_RSA_WITH_RC4_128_SHA Non-compliant with PCI DSS requirements TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 Non-compliant with PCI DSS requirements TLS_RSA_EXPORT_WITH_DES40_CBC_SHA Non-compliant with PCI DSS requirements TLS_RSA_WITH_DES_CBC_SHA Non-compliant with PCI DSS requirements TLS_RSA_WITH_3DES_EDE_CBC_SHA Non-compliant with PCI DSS requirements TLS_RSA_WITH_AES_128_CBC_SHA Good configuration TLS_RSA_WITH_AES_256_CBC_SHA Good configuration

SSLv3 SSL_RSA_EXPORT_WITH_RC4_40_MD5 Non-compliant with PCI DSS requirements SSL_RSA_WITH_RC4_128_MD5 Non-compliant with PCI DSS requirements SSL_RSA_WITH_RC4_128_SHA Non-compliant with PCI DSS requirements SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 Non-compliant with PCI DSS requirements SSL_RSA_EXPORT_WITH_DES40_CBC_SHA Non-compliant with PCI DSS requirements SSL_RSA_WITH_DES_CBC_SHA Non-compliant with PCI DSS requirements SSL_RSA_WITH_3DES_EDE_CBC_SHA Non-compliant with PCI DSS requirements

SSLv2 SSL2_RC2_128_CBC_WITH_MD5 Non-compliant with PCI DSS requirements SSL2_RC4_128_EXPORT40_WITH_MD5 Non-compliant with PCI DSS requirements SSL2_DES_64_CBC_WITH_MD5 Non-compliant with PCI DSS requirements SSL2_RC4_128_WITH_MD5 Non-compliant with PCI DSS requirements SSL2_RC2_128_CBC_EXPORT40_WITH_MD5 Non-compliant with PCI DSS requirements SSL2_DES_192_EDE3_CBC_WITH_MD5 Non-compliant with PCI DSS requirements SSL2_RC4_64_WITH_MD5 Non-compliant with PCI DSS requirements

SUPPORTED PROTOCOLS List of all SSL/TLS protocols supported by the server:

SSLv2Non-compliant with PCI DSS requirements SSLv3Non-compliant with PCI DSS requirements TLSv1.0Non-compliant with PCI DSS requirements

It looks like the blame is not on TB 78.1.0. That's good.

Thanks again.

It is quicker to change the settings in TB 78, then "moving" the ISP. Go to Configuration editor and search security.tls.version.min. Change the value from 3 to 1. Everything works again.

Thanks to: https://help.blacknight.com/hc/en-us/articles/360011553098-Issues-with-Thunderbird-78-?mobile_site=true

I also use Fasthosts and was able to get my email working by changing the server connection security setting to STARTTLS and Port 110.

Not ideal but works.

The advice in his link worked better! Thanks KeMo

Thanks to: https://help.blacknight.com/hc/en-us/articles/360011553098-Issues-with-Thunderbird-78-?mobile_site=true

With the upgrade to Thunderbird 78, I cannot send or receive email. My employer pushes us to upgrade to the latest version, hence when I couldn't upgrade within the application, I went to the website and downloaded and installed version 78 (I am running Mac Mojave). > The Thunderbird team made a decision to not update existing users at > this time due to some issues with the release that affected upgrades. > But you appear to have an upgrade. How did it happen? The answer to that - there was NO appropriate warning whatsoever. My mailboxes and addressbook survived the change intact, but now I cannot send or receive email. The settings are the same as before. Someone suggested that Thunderbird may be requiring a newer version of SSL/TLS than the server is using. My employer has good security, but I cannot force them to use the version that I want or that you want. If that is the problem, what you need to do is to release a revised version 78 with exactly the same security posture as 68. DO IT! You said: > Thunderbird 78 checks the validity of SSL certificates and the self > signed ones always fail the check because there is no issuing server to > check them with. Automatic failure. It's not your place to prevent people from using self-signed certificates! Although that isn't my current problem. The biggest crime is changing two things at once - the format of mail storage so we can't go back, and the security posture so that it doesn't work.

re :Someone suggested that Thunderbird may be requiring a newer version of SSL/TLS than the server is using.

Yes, the out of date versions of TLS have been removed from Thunderbird as the encryption is out of date and insecure.

This means servers that are still using the out of date protocols can only be accessed by changing the server settings.

As a heads up, these are also being disabled by eg: Microsoft in all browsers, software like MSOffice and email client. TLS 1.2 will be the default security protocol. It would have occured earlier but was put back to october this year due to covid19.

https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/ https://docs.microsoft.com/en-us/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365?view=o365-worldwide https://docs.microsoft.com/en-us/microsoft-365/compliance/tls-1-2-in-office-365-gcc?view=o365-worldwide

By the way, the format of mail storage has not changed. The address book in 68 was stored in MAB files and they were converted to sqlite format to function in 78. So the address book has seen a change in the format. However, the old abook.mab files should still be available as 'abook.mab.bak' files which can easily be renamed to 'abook.mab' to be used in version 68. 'history.mab.bak' can also be renamed to 'history.mab' - exit thunderbird before doing it.

The difficulties with going back to a prior version did not start in 78. This was implemented in 68. But it is still possible, you just have a few hoops to jump through. Further info here: https://support.mozilla.org/en-US/kb/dedicated-profile-thunderbird-installation

All this information was readily available in the same location as where you download Thunderbird under : Release Notes. This sort of information on what has changed, bug fixes etc has always been available via this method. I would always recommend that you read available information about anything you want to update prior to updating.

• https://www.thunderbird.net/en-US/thunderbird/78.0/releasenotes/
• Address books are now stored as SQLite databases to prepare for future addressbook improvements. Existing address books in MAB format (using a Mork database) will be converted.
• TLS 1.0 and 1.1 disabled

I am not an employee of Mozilla thunderbird. I am just a user like you. I am only providing information on what how to locate info and explaining why things have occurred and working out a solution. I have also been effected with problems of getting emails from a server that as yet has not implemented the TLS1.2 protocol. I have contacted them stating the problem so that they are aware. I have had to change my server settings to establish access again.

Try to change in THUNDERBIRD preferences editor security.tls.version.min from 3 to 1

From the menu at the top right, go to Options. Scroll all the way to the bottom and click on Config Editor. Skip past the warning. Scroll down until you find security.tls.version.min (or paste security.tls.version.min to upper frame) Double click on it, and set the value to 1

Mozilla disabled TLS 1.0 and 1.1 in the latest versions of Firefox and Thunderbird. Thunderbird 73b and above. This causes issues with anyone connecting via SSL/TLS/StartTLS to services uses 1.1.

kotouc74 Good call. I'd forgotten about that one.

Try to change in THUNDERBIRD preferences editor security.tls.version.min from 3 to 1

From the menu at the top right, go to Options. Scroll all the way to the bottom and click on Config Editor. Skip past the warning. Scroll down until you find security.tls.version.min (or paste security.tls.version.min to upper frame) Double click on it, and set the value to 1

Mozilla disabled TLS 1.0 and 1.1 in the latest versions of Firefox and Thunderbird. Thunderbird 73b and above. This causes issues with anyone connecting via SSL/TLS/StartTLS to services uses 1.1

I have this issue also. It updated itself and now can't download or send any messages. It pops up this message.

peer using unsupported version of security protocol. :

Can anyone help with it this.

I am also a Fasthosts user and am very grateful to KeMo and others for pointing me in the right direction. It worked for me. Interestingly, Fasthosts didn't know the answer themselves!

While you can deliberately reduce the security of Thunderbird by making it use old obsolete and now known defective security protocols (TLS 1.0 and TLS 1.1), ultimately you are doing so at the risk of compromising your own device security because your mail provider has over more than a decade failed to keep up with connection encryption protocols.

So instead of "fixing" Thunderbird, ask your provider to offer connections without connection encryption. It will be functionally faster and no less secure than forcibly re-enabling obsolete protocols that are no longer secure anyway.

TLS V1.2 has been out in the world for 12 years, having been debut in 2008. TLS v1.3 came out in 2018 when the withdraw of 1.0 and 1.1 was announced.

The payment card industry council announced that they had a deadline of 30 June 2018 for the removal/Replacement of these old versions of TLS. So if your provider is handling credit card information it may be you have more of an issue than email if they have not kept up. eCommerce where email may contain payment information may place your business at risk.

If you are paying for your web and email hosting, perhaps you need to re think your entire internet presence. If your host is not providing security protocols that have been "standards" since 2008 what other failures of security do they have. This is a serious issue that extends to the entire business model of the companies concerned. If their security is not up to modern standards, what else if not!

Fasthosts are well aware of the issue because I have already been in contact with them.

In response to my concerns they said and I quote: Regarding your concern, there is no update yet when to upgrade SSL and TLS versions on our mail server. In order to meet their requirements, we would need to make major changes to our entire mail platform, which may in turn cause issues with the other email client like Microsoft Outlook. However, if anything changes around this, it will be communicated to all customers.

I do understand that Microsoft upgraded their TLS but with fasthosts there is no update yet. We cannot confirm when will fasthosts update the TLS for our mail service., but if anything changes around this, it will be communicated to everyone.

If referring to email our servers only support SSL and for the website the TLS version is 1.2,

I had this problem and have now deleted thunderbird 78 and gone back to 68. Everything now works. Pain as to sort out though. Originally I could not receive or send emails. Some altering of settings and I could receive but not send. In no hurry to upgrade to 78 anytime soon. A nightmare. Kept saying peer support protocol was corrupt and my smpt settings needed altering. Glad I could go back really.

I just upgraded on machine with two accounts to version 78.2.1 (the latest version).

After doing so, no emailing was possible as the save passwords were NOT migrated to the new version. I had to RETYPE each password into the 8 or so emails accounts being used for Thunderbird for two users. That's right, 8 accounts times send and receive passwords (2 each) times * two accounts.

Why are the passwords from 60.1... to 78.2 not available, imported, whatever you want to call it.

There is NOTHING obvious about the subtle comment that new users should install ver 78.

Is this problem have to do with the database changes mentioned in another thread??