STARTTLS support || [Proton Bridge]
-
@gmw3 Nope. Ditched Vivaldi because of that (and apparently Chromium specific issues).
-
@gmw3 Still not working. Vivaldi refuse to import the local self-registered key, and so, doesnβt want to do anything with the local self-signed certificate. It also still prevent me from removing that said added certificate, nor update it.
-
@PoorPocketsMcNewHold I figured out how to get it to work. What I ended up doing was taking the key and certificate and converting them into a pfx using openssl, then importing it as a personal certificate in the certificate store of Vivaldi. Then I was magically able to get it to work.
-
Unfortunately, this is preventing me from using Vivaldi Mail at all.
It's just not really worthwhile when my main account can't be added.
-
@jane-n Less secure options, this is the kind of thinking that I believe has pushed getting the basic issue resolved in an email client of all things to the back burner. It really shouldn't I for one can say, I was happily using OperaGX, and didn't intend on switching my browser, but was really taken aback at the high level of customization and configuration offered by Vivaldi, still wouldn't have switched however, till I saw the mail, calendar, notes, and tasks integration, I could use from my browser, from a sidebar in my browser, negating the need to jump around to third party options, outside of my browser, whereas a webdev I spend a stupid amount of time. However, I've now spent a ridiculous amount of time trying to hammer a configuration into place that will allow me to use my proton accounts with these services, almost to the point of giving up and going back to opera honestly. I hope you guys prioritize this, clearly, there is a desire in the community for this to work, and quite frankly looking at it as a less secure option is highly opinionated. I'll spare myself some time but link a decent rebuttal here:
There is no difference in the security between the two options.
SSL/TLS opens an SSL/TLS connection first, then begins the SMTP transaction. This must occur on a port that does not have a non-SSL/TLS SMTP server already running; it is impossible to configure a single port to handle both plain text and encrypted connections due to the nature of the protocols.
STARTTLS starts the SMTP transaction and looks for support from the other end for TLS in the response to EHLO. If the client sees STARTTLS in the supported command list, then it sends STARTTLS and begins negotiation for encryption. All this can (and usually does) occur on the standard SMTP port of 25, partly for backwards compatibility, but also to allow for opportunistic encryption between endpoints that both support it but don't necessarily require it.
Generally, SSL/TLS is only used between end-clients and servers. STARTTLS is more commonly used between MTA's to secure inter-server transport.
Given those two implementations, STARTTLS could be construed as insecure if the user or administrator are assuming the connection is encrypted but have not actually configured it to require encryption. However, the encryption used is exactly the same as SSL/TLS and therefore not more or less vulnerable to a Man-in-the-Middle attack beyond this type of configuration error.
I hope you guys get this ironed out and meet the needs of your community, I suspect there are more users like myself out there who gave your browser a look, when not intending or needing a switch, lured in by some of these features, only to be disappointed the devs didn't find their issue worth prioritizing... Best of Luck, and Godspeed
-
This post is deleted! -
@BernieV said in STARTTLS support:
Just an update here. There is a alpha version of Proton Bridge -3.09
It allows to export the certificate which can be imported into Vivaldi.
The default import location is WRONG. You must select Trusted Root Certificates.
After importing the certificate, Vivaldi needs to be restarted. I guess it caches the certificates for speed.This worked incredibly well and much simpler than some of the other workarounds. I needed to restart the computer (since restarting vivaldi wasn't enough). Thank you
-
Still not working :((
@ibu600 did you use STARTTLS? -
@MoiraPrime said in STARTTLS support:
@PoorPocketsMcNewHold I figured out how to get it to work. What I ended up doing was taking the key and certificate and converting them into a pfx using openssl, then importing it as a personal certificate in the certificate store of Vivaldi. Then I was magically able to get it to work.
Could you please describe how you concverted the
.pem's into.pfxusing openssl? -
For anyone struggling setting up Proton Mail, I was able to get it working thanks to the answers in here from @777pirat , @PoorPocketsMcNewHold. However, there was a few additional steps needed prior to setting up the account in order to get it working; mainly regarding where to add it and which authorities to give. If done correctly, there is no need to convert the certificate into a different file format (as has been suggested).
For anyone interested, I've summarised the actions I had to undertake prior to setting up the account in a few relatively simple steps:
- In Proton Mail Bridge (v 3.1.1) go to "Settings">"Advanced Settings".
- Go to "Connection Mode" and click "Change". Change IMAP connection mode to "SSL".
- Go to "Export TLS certificates" and click "Export" and save the files at your location of choice.
- In Vivaldi, open a new tab and enter
vivaldi://settings/certificates. The "Manage Certificates" page should then open.- Under the "Authorities" tab click "Import" and select the
cert.pemfile you exported from Proton Mail Bridge. - A prompt for "Certificate authority" should then pop up. Tick off all boxes under "Trust settings".
- Under the "Authorities" tab click "Import" and select the
- Restart Vivaldi and Proton Mail Bridge.
After that, it should be possible to set up a Proton Mail account.
- In Proton Mail Bridge (v 3.1.1) go to "Settings">"Advanced Settings".
-
@palbjartan Nice. Just a note: step #2 might be not valid for windows.
But I think the same cert can be add to Window Certificate Manager. -
@Hadden89 said in STARTTLS support:
@palbjartan Nice. Just a note: step #2 might be not valid for windows.
But I think the same cert can be add to Window Certificate Manager.Thanks for the info. I got the instructions for adding certificates from the Vivaldi for Linux forum, as @BernieV 's way of adding certificates is unviable (at least on Linux). I'm somewhat surprised it wouldn't work for Windows users as well, since it's a Vivaldi internal setting and not system wide, but since I don't have Windows I am unable to test it.
Can anyone confirm whether step 2 will work in Windows or not?
-
Step 2 does not work on Windows but importing the cert.pem in Windows Certificate Manager works.
- In Windows Start menu, search and open Certificate Manager
- Expand Trusted Root Certification Authorities > Certificates
- Right-click on Certificates folder & select All tasks > Import
- Import cert.pem
-
Same problem here. My university's IMAP server connects on 143 with StartTLS. Cannot set that up in Vivaldi. It's greyed out. Unfortunately there is no alternative like SSL. Will resort to Apple Mail for now but would love to have it in Vivaldi.
6.0.2979.18 (Stable channel) (arm64)
-
@rjc3rd Maybe Vivaldi don't have 10,000 programmers working around the clock to attend to every wish and winge. Let's all lighten up a bit here. Don't like Vivaldi email at present? There are 20 other email clients (FREE) you can choose from.
Just sayin'.
![π](https://forum.vivaldi.net/assets/plugins/nodebb-plugin-emoji/emoji/emoji-one/1f615.png?v=g4rfd1lk1j0 ":\")
-
I would like to report that I was able to get Proton Mail running without issue and without much work on Linux. The solution required splicing together different solutions made throughout this thread.
These are the steps I took to get Proton Mail working for me.
Browser OS: Vivaldi 6.1.3035.204 (Stable channel) stable (64-bit)
Distro: Debian 12 (Gnome)From palbjartan
- In Proton Mail Bridge (v 3.1.1) go to "Settings">"Advanced Settings".
- Go to "Connection Mode" and click "Change". Change IMAP connection mode to "SSL".
- Go to "Export TLS certificates" and click "Export" and save the files at your location of choice.
If the above does not work try this:
- In Thunderbird, go to:
- Settings > Privacy & Security > Certificates > Manage Certificates
- Click on Authorities, Scroll down to: Proton AG
- Certificate Name = 127.0.0.1
- Security Device = Software Security Device
- "View" certificate. Scroll down to "Miscellaneous"
- Export certificate by clicking on PEM(cert):
Download PEM(cert) PEM(chain)
- Export certificate by clicking on PEM(cert):
- Click on Authorities, Scroll down to: Proton AG
- In Vivaldi, open a new tab and enter:
chrome://settings/certificates- The "Manage Certificates" page should open.
- NOTE:
chrome://settings/certificatesforwards tovivaldi://settings/certificates. - BUT:
vivaldi://settings/certificatesbrings up "Settings" without access to certificate management.
- NOTE:
- Under the "Authorities" tab click "Import"
- Select exported certificate:
127-0-0-1.pem(Thunderbird)
- Select exported certificate:
- A prompt for "Certificate authority" should pop up.
- Tick all boxes under "Trust settings".
- The "Manage Certificates" page should open.
- Restart Vivaldi and Proton Mail Bridge.
-
@Truongdukedong I understand the sentiment but when you build a product or service and parts of it fail to work as intended the correct response should be to fix whatever is broken and not suggest unofficial alternatives whenever possible.
Vivaldi doesn't have 10,000 programmers but the nature of open-source development lends itself to people with programming skills or technical knowledge filling the role of those programmers and providing solutions, similar to the message I made on this topic.
If people are upset that a product doesn't work right, then that product is (probably) a good one and people have high expectations for how it should work.
It is highly unlikely that Microsoft ever told people to go use Google products because of a flaw in a Microsoft product. Don't you agree?
-
Vivaldi Mail and Proton Bridge
[Note] Since Vivaldi does not support STARTTLS for IMAP (due to security issues with STARTTLS), you need to set Proton Bridge to SSL mode
- Go to Proton Bridge advanced settings and set both connections to
SSLand export thecert.pemsomewhere. - Open
chrome://settings/certificatesand import thecert.peminto theAuthoritiestab. Accept all checkboxes. - Restart Vivaldi and Proton Bridge.
- Re-enter the username and password from Proton Bridge and it should work.
- Go to Proton Bridge advanced settings and set both connections to
-
Hi tr3k,
I've generated the certificates but when I go to vivaldi://settings/cerfificates there is no Authorities tab.
There is Security and Privacy > Security > Manage Certificates.
Or if I go to chrome://settings/certificates I end up at vivaldi://settings
I'm none the wiser as to where the cert.pem gets installed.....
Any advice? I'm using MACOS 13.4.1 on an M1 Macbook Air. -
Has anyone actually managed to get Proton Mail working in Vivaldi on an M1/M2 Mac?
I've looked at all the answers so far and when I get to vivaldi://settings/privacy/ > Security > Manage Certificates, I end up in Keychain Access.
I have no idea what to do next....
Anyone??
