FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.


Oct 25, 2016, 11:48 AM
94 Posts

No problem...

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 9
The first release that ignored the UI configuration settings for version (SSLv3, SSLv2, and a few permutations of those two) was the release that added TLS 1.0. Since TLS 1.0 wasn't in the UI and we couldn't update the UI in a IF or FP, the only option was to ignore the UI and rely on the new notes.ini settings with sane defaults.

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/SSLv2

The first release that ignored the UI configuration settings for ciphers was the release that enabled TLS 1.2 and added the DHE ciphers for forward secrecy plus the AEAD (AES-GCM) and SHA-2 (SHA256, SHA384) ciphers. Since those new ciphers weren't shown in the UI and we couldn't update the UI in an IF or FP, the only option was to ignore the UI and rely solely on the existing notes.ini setting (SSLCipherSpec) for cipher configuration.  

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_1.2
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration

FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.