sabato 28 marzo 2015

IBM Domino 9.0.1 FP3 IF2 disponibile ecco il TLS 1.2 !

IBM ha rilasciato su fixcentral il nuovo IF2 per Domino 9.0.1 FP3 e IF3 per Notes 9.0.1 FP3 che introducono alcuni fix minori e soprattutto implementano il TLS 1.2 rendendo Domino un server più sicuro supportando l'ultima versione del protocollo di sicurezza HTTPS .

Questo che potete vedere sotto è il change log con le correzioni del server

LCHG9UPBFM IBMi:TLS1.2 support for system SSL on IBM i Domino
KLYH9URNFY TLS 1.2 Client handshake request rejected by Server if server certificate chain signature type not supported by the client
KLYH9URNJH TLS 1.2 Notes / Domino as a TLS client rejects handshake with server if no common signature algorithm available
KLYH9UQJQN Remove RC4-SHA from the default cipher list for TLS 1.2
KLYH9UPMR7 Crash Problem in kyr caching
RKUR9PEDEB Implement HSTS (Http Strict Transport Security).This header informs supported browsers that the site should only be accessed over an SSL-protected connection (HTTPS)
RGET9TSMKD Add IP Information to HTTP Thread logs for SSL Handshake connections
MKIN9QHT5W Passing a directory to kyrtool will crash the tool
DKEN9RVQGD kyrtool import all sometimes reports SECIssUpdateKeyringPrivateKey returned error 0x0720, AVA separator not found or Syntax error in OID when a \ is in a certificate name part
DKEN9SSUR6 Add more detailed logging for SSL/TLS connections to help diagnose failed connections.
KLYH9UFNWH New notes.ini SSL_DISABLE_TLS_10 to support Disabling TLS1.0 for compliance reasons. Used in conjunction with existing DISABLE_SSLV3=1 allows you to limit communication to TLS 1.2 only for protocols: HTTP, SMTP, LDAP, POP3 & IMAP
KLYH9QKTGH Added SHA-256 cipher specs for increased security with TLS 1.2
KLYH9QKTED Added Advanced Encryption Standard (AES) Galois/Counter Mode for increased security with TLS 1.2
KLYH9QKTBL Added Perfect Forward Secrecy (PFS) via Ephemeral Diffie-Hellman (DHE) cipher specs for SSL/TLS
KLYH9QKT4B Notes / Domino Support for TLS 1.2 (Transport Layer Security 1.2) with protocols: HTTP, SMTP, LDAP, POP3 & IMAP
KLYH9UBNGW Add pinning to SHA-256 for TLS 1.2
RMAS9PFRHP Namelookup retrieval via remote LDAP does not retrieve correct attributes
HCHC9GG66F Administrator Client Shows Wrong File Sizes of database with DAOS size>0 After Server Restart


A questa pagina potete trovare il change log di Notes e tutti i link di download. 
Se tramite il vostro server erogate servizi Http, Ldap, Smtp ,Pop3,  Imap vi consiglio di prepararvi per installare questo agiornamento il prima possibile e di passare al TLS 1.2 per avere il vostro server ed i vostri dati al sicuro. 

Complimenti a IBM per il rilascio di questa nuova funzionalità in Domino  che rimane un server in evoluzione con un ottimo supporto !

Nessun commento:

Posta un commento