Jan 15, 2016, 4:47 PM
296 Posts
topic has been resolvedResolved

Android devices cannot connect to Traveler 9.0.1.8

  • Category: Notes Traveler
  • Platform: Windows
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 0

Last night upgraded Domino from 9.0.1FP3 to FP5, and Traveler 9.0.1.8.

Followed the recommendations here -> http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=50900A293DA6F6B385257EC3006ECA6D and here -> http://www-01.ibm.com/support/docview.wss?uid=swg21722405

 and added the following Notes.ini parms:

SSL_DISABLE_TLS_10=1
SSLCipherSpec=9F9E6B39679D9C3D353C2F330A05

Today it appears that a number of Android users can no longer connect to the server. Failing devices are Android 4.3, 4.4.2, 4.4.4., 5.0 and 5.0.1 - however, there are also Android devices of the same levels that can connect.  It appears that iOS9 devices are fine.

Did I miss something?

Thanks!

edit: The message the users are receiving is:  "Error connecting to server https://<traveler server URL>"

----------------------

2nd edit:  When I performed the SSL security test at  www.ssllabs.com I found that apparently older Android devices aren't capable of TLS1.2. I had to remove the 'SSL_DISABLE_TLS_10=1' setting, now the Android devices can connect. Also found that SSLCipherSpec 05 appears to be less secure (per SSL Labs), removed it, and all appears well. New SSLCiperSpec I'm using is:

SSLCipherSpec=9F9E6B39679D9C3D353C2F330A

Also installed Traveler 9.0.1.9

----------------------

3rd edit: Researching Forward Secrecy - found that SSLCpiherSpec defaults have changed (see comment by Dave Kern here -> https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration ) - Removed line: 'SSLCipherSpec=9F9E6B39679D9C3D353C2F330A' from Notes.ini - ultimately improved score at SSL Labs...