Oct 25, 2016, 11:48 AM
94 Posts

No problem...

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 9
The first release that ignored the UI configuration settings for version (SSLv3, SSLv2, and a few permutations of those two) was the release that added TLS 1.0. Since TLS 1.0 wasn't in the UI and we couldn't update the UI in a IF or FP, the only option was to ignore the UI and rely on the new notes.ini settings with sane defaults.

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/SSLv2

The first release that ignored the UI configuration settings for ciphers was the release that enabled TLS 1.2 and added the DHE ciphers for forward secrecy plus the AEAD (AES-GCM) and SHA-2 (SHA256, SHA384) ciphers. Since those new ciphers weren't shown in the UI and we couldn't update the UI in an IF or FP, the only option was to ignore the UI and rely solely on the existing notes.ini setting (SSLCipherSpec) for cipher configuration.  

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_1.2
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration