STARTTLS support || [Proton Bridge]
-
Hi, some users who like the feature request don't upvote the first post.
It doesn't make the implementation faster, but it shows the developers the importance.
Cheers, mib
-
2 Things:
- In fairness, I feel like Proton should update the bridge to support SSL/TLS for IMAP, security is the whole thing after all, and it's kind of odd to me that it supports switching to SSL but only for SMTP, why not both?
- I'm legitimately confused by the fact that Vivaldi supports StarTLS, but also only for SMTP.
So we're actually in this bizarre scenario where Vivaldi can be switched to StarTLS like Proton wants, and Proton can be switched to SSL like Vivaldi wants, but both do it only on SMTP, leaving IMAP in the cold.
-
Can we have some update for that?
-
No idea about the Vivaldi front but the alpha version of Proton Bridge v3 currently works with Vivaldi. They've remade their IMAP library and added the ability to select SSL.
I decided to risk using it, I don't recommend anyone else does, but looks like we'll have ProtonMail working in Vivaldi soon
-
Proton Bridge v3 (still under development, I don't think they've given a release date yet) has SSL support for IMAP, and I believe there's a fork called peroxide (https://github.com/ljanyst/peroxide) that currently works too.
-
@BernieV Sounds great. Am happy you got it to work. But needlessly complicated for me.
I was going to move a number of domain names I own for email to Vivaldi by resetting the pointers, but now, maybe I should just go to ProtonMail and skip Vivaldi, or if ProtonMail won't handle private domain names, do you know one who does?
-
@BernieV Hey.... thanks Bernie. I will go check out Proton Mail. I presently have some private domains running on a very small ISP in northern California (Sonic), and I must say they have the Best customer service in the world. But their email filtering setup is abysmal and just does not do what they say it's supposed to do. Old story, eh?
So THANK YOU. I will go talk with Proton.
For posterity, I must say I love Vivaldi's Android browser implementation. Closest to a professional tool I've found on that platform. Onward to Proton.
-
FYI: Protonmail bridge works with Vivaldi e-mail now.
In its settings panel, you can choose protocol. Choose SSL for both (IMAP/SMTP). This is version 3.0.8.
-
@rjc3rd
Yes, we know that STARTTLS connection is not only needed by people who use ProtonMail, but ProtonMail users have been, AFAICT, the biggest group requesting it. We’re glad to hear that ProtonMail has made changes on their side, that allow their users to add the account to Vivaldi Mail, but the general feature request for STARTTLS support remains valid and on the to do list. I don’t know when the team will get on that task, but I trust their judgement when it comes to setting priorities.
-
@777pirat
Still doesn't for me (and yes, I've inputted my email in the Username, I just censored it).
The thing is, in addition to having the ability to switch to TLS on the ProtonBridge app, there's also the ability to export the local certificates for it, to resolve what seems to be Vivaldi wanting a signed certificate for the local address.
However, by trying to add it via vivaldi://settings/certificates it… Doesn't work.
It doesn't know what to do with .pem files. I tried to add it as an authority certificate, but while it correctly loads it and allows me to set it as a certified email provider, it doesn't solve the issue, even with a restart of Vivaldi. In addition, I'm unable to load the affiliated key next to it. I'm also unable to see “where” the certificate is in the list, as it refuses to allow me to edit the trust option of that key.
-
@gmw3 Nope. Ditched Vivaldi because of that (and apparently Chromium specific issues).
-
@gmw3 Still not working. Vivaldi refuses to import the local self-registered key, and so doesn’t want to do anything with the local self-signed certificate. It also still prevents me from removing that added certificate, or updating it.
-
@PoorPocketsMcNewHold I figured out how to get it to work. What I ended up doing was taking the key and certificate and converting them into a pfx using openssl, then importing it as a personal certificate in the certificate store of Vivaldi. Then I was magically able to get it to work.
-
Unfortunately, this is preventing me from using Vivaldi Mail at all.
It's just not really worthwhile when my main account can't be added.
-
@jane-n Less secure options: this is the kind of thinking that I believe has pushed getting the basic issue resolved, in an email client of all things, to the back burner. It really shouldn't. I for one can say I was happily using OperaGX and didn't intend on switching my browser, but was really taken aback at the high level of customization and configuration offered by Vivaldi. I still wouldn't have switched, however, till I saw the mail, calendar, notes, and tasks integration I could use from my browser, from a sidebar in my browser, negating the need to jump around to third-party options outside of my browser, where, as a webdev, I spend a stupid amount of time. However, I've now spent a ridiculous amount of time trying to hammer a configuration into place that will allow me to use my Proton accounts with these services, almost to the point of giving up and going back to Opera, honestly. I hope you guys prioritize this; clearly, there is a desire in the community for this to work, and quite frankly looking at it as a less secure option is highly opinionated. I'll spare myself some time but link a decent rebuttal here:
There is no difference in the security between the two options.
SSL/TLS opens an SSL/TLS connection first, then begins the SMTP transaction. This must occur on a port that does not have a non-SSL/TLS SMTP server already running; it is impossible to configure a single port to handle both plain text and encrypted connections due to the nature of the protocols.
STARTTLS starts the SMTP transaction and looks for support from the other end for TLS in the response to EHLO. If the client sees STARTTLS in the supported command list, then it sends STARTTLS and begins negotiation for encryption. All this can (and usually does) occur on the standard SMTP port of 25, partly for backwards compatibility, but also to allow for opportunistic encryption between endpoints that both support it but don't necessarily require it.
Generally, SSL/TLS is only used between end-clients and servers. STARTTLS is more commonly used between MTAs to secure inter-server transport.
Given those two implementations, STARTTLS could be construed as insecure if the user or administrator are assuming the connection is encrypted but have not actually configured it to require encryption. However, the encryption used is exactly the same as SSL/TLS and therefore not more or less vulnerable to a Man-in-the-Middle attack beyond this type of configuration error.
I hope you guys get this ironed out and meet the needs of your community, I suspect there are more users like myself out there who gave your browser a look, when not intending or needing a switch, lured in by some of these features, only to be disappointed the devs didn't find their issue worth prioritizing... Best of Luck, and Godspeed
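
Added example (not part of the post above, and not Vivaldi or Proton code): the configuration error the quoted rebuttal describes, where a client treats STARTTLS as optional instead of required. The EHLO replies are constructed samples, and the names `parse_ehlo` and `next_step` are hypothetical.

```python
"""Client-side STARTTLS policy check over constructed EHLO replies."""

# Constructed sample replies (not captured from a real server).
EHLO_WITH_TLS = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# The same reply as a client sees it when STARTTLS is not advertised.
EHLO_WITHOUT_TLS = (
    "250-mail.example.test Hello\r\n"
    "250-SIZE 35882577\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply):
    """Return the upper-cased extension keywords of a multi-line 250 reply."""
    lines = [ln for ln in reply.splitlines() if ln]
    if not lines:
        raise ValueError("empty EHLO reply")
    extensions = set()
    for index, line in enumerate(lines):
        code, sep, text = line[:3], line[3:4], line[4:]
        if code != "250" or sep not in ("-", " ", ""):
            raise ValueError(f"unexpected reply line: {line!r}")
        last = index == len(lines) - 1
        # "250-" marks a continuation line, so it must appear on every
        # line except the last one, and never on the last one.
        if (sep == "-") == last:
            raise ValueError("malformed multi-line reply")
        if index > 0 and text:  # line 0 is the greeting, not an extension
            extensions.add(text.split()[0].upper())
    return extensions


def next_step(reply, require_tls):
    """Decide what the client sends after EHLO on a STARTTLS port."""
    if "STARTTLS" in parse_ehlo(reply):
        return "STARTTLS"        # upgrade, then re-issue EHLO inside TLS
    if require_tls:
        return "QUIT"            # never send credentials or mail in the clear
    return "CONTINUE_PLAINTEXT"  # opportunistic mode: session stays unencrypted
```

With `require_tls=True` the missing keyword ends the session; with `require_tls=False` the same reply leads to an unencrypted session that the user may assume is protected.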
-
@BernieV said in STARTTLS support:
Just an update here. There is an alpha version of Proton Bridge -3.09
It allows to export the certificate which can be imported into Vivaldi.
The default import location is WRONG. You must select Trusted Root Certificates.
After importing the certificate, Vivaldi needs to be restarted. I guess it caches the certificates for speed.
This worked incredibly well and much simpler than some of the other workarounds. I needed to restart the computer (since restarting vivaldi wasn't enough). Thank you
-
Still not working :((
@ibu600 did you use STARTTLS?
-
@MoiraPrime said in STARTTLS support:
@PoorPocketsMcNewHold I figured out how to get it to work. What I ended up doing was taking the key and certificate and converting them into a pfx using openssl, then importing it as a personal certificate in the certificate store of Vivaldi. Then I was magically able to get it to work.
Could you please describe how you converted the .pem's into .pfx using openssl?
-
For anyone struggling setting up Proton Mail, I was able to get it working thanks to the answers in here from @777pirat, @PoorPocketsMcNewHold. However, there were a few additional steps needed prior to setting up the account in order to get it working; mainly regarding where to add it and which authorities to give. If done correctly, there is no need to convert the certificate into a different file format (as has been suggested).
For anyone interested, I've summarised the actions I had to undertake prior to setting up the account in a few relatively simple steps:
- In Proton Mail Bridge (v 3.1.1) go to "Settings">"Advanced Settings".
- Go to "Connection Mode" and click "Change". Change IMAP connection mode to "SSL".
- Go to "Export TLS certificates" and click "Export" and save the files at your location of choice.
- In Vivaldi, open a new tab and enter vivaldi://settings/certificates. The "Manage Certificates" page should then open.
  - Under the "Authorities" tab click "Import" and select the cert.pem file you exported from Proton Mail Bridge.
  - A prompt for "Certificate authority" should then pop up. Tick off all boxes under "Trust settings".
- Restart Vivaldi and Proton Mail Bridge.
After that, it should be possible to set up a Proton Mail account.