FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.


Jan 15, 2016, 4:47 PM
324 Posts
topic has been resolvedResolved

Android devices cannot connect to Traveler 9.0.1.8

  • Category: Notes Traveler
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 0

Last night upgraded Domino from 9.0.1FP3 to FP5, and Traveler 9.0.1.8.

Followed the recommendations here -> http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=50900A293DA6F6B385257EC3006ECA6D and here -> http://www-01.ibm.com/support/docview.wss?uid=swg21722405

 and added the following Notes.ini parms:

SSL_DISABLE_TLS_10=1
SSLCipherSpec=9F9E6B39679D9C3D353C2F330A05

Today it appears that a number of Android users can no longer connect to the server. Failing devices are Android 4.3, 4.4.2, 4.4.4., 5.0 and 5.0.1 - however, there are also Android devices of the same levels that can connect.  It appears that iOS9 devices are fine.

Did I miss something?

Thanks!

edit: The message the users are receiving is:  "Error connecting to server https://<traveler server URL>"

----------------------

2nd edit:  When I performed the SSL security test at  www.ssllabs.com I found that apparently older Android devices aren't capable of TLS1.2. I had to remove the 'SSL_DISABLE_TLS_10=1' setting, now the Android devices can connect. Also found that SSLCipherSpec 05 appears to be less secure (per SSL Labs), removed it, and all appears well. New SSLCiperSpec I'm using is:

SSLCipherSpec=9F9E6B39679D9C3D353C2F330A

Also installed Traveler 9.0.1.9

----------------------

3rd edit: Researching Forward Secrecy - found that SSLCpiherSpec defaults have changed (see comment by Dave Kern here -> https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration ) - Removed line: 'SSLCipherSpec=9F9E6B39679D9C3D353C2F330A' from Notes.ini - ultimately improved score at SSL Labs...


FORUM PLAN UPDATE
Date revision: This forum will remain open to new posts and responses until December 1, 2018. (After that date, you will still be able to view and search the forum.) Also, we're taking a second look at the best place to host future conversation. For now, keep using this forum, and stay tuned for more news.