268 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Domino 9.0.1 FP5 IF1 with Security Fixes
Sat, Jan 30th 2016 41
Linuxfest VII Gets a Slot at IBM Connect 2016
Sat, Jan 30th 2016 28
Traveler 9.0.1.9 shipped
Sat, Jan 16th 2016 16
TLS 1.2 Connection Issues with mail.protection.outlook.COM
Thu, Jan 7th 2016 30
STARTTLS Outbound Sessions might fail with TLS 1.0 used and TLS 1.2 Ciphers
Tue, Dec 15th 2015 9
Symantec Backup Exec End of Life
Sat, Dec 5th 2015 12
Domino 9.0.1 FP5 Security Fixes and Functionality
Fri, Dec 4th 2015 13
Top 10
Domino 9.0.1 FP5 IF1 with Security Fixes
Sat, Jan 30th 2016 41
IBM Notes V9.0.1 Mac 64 Bit English (CN6VDEN )
Tue, Sep 29th 2015 32
TLS 1.2 Connection Issues with mail.protection.outlook.COM
Thu, Jan 7th 2016 30
Linuxfest VII Gets a Slot at IBM Connect 2016
Sat, Jan 30th 2016 28
Domino 9.0.1 FP4 IF2 Security Update
Sat, Sep 26th 2015 18
Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Wed, Feb 18th 2015 16
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 16
OSX 10.11 El Capitan does not only support ECDHE Ciphers
Thu, Oct 1st 2015 16
Traveler 9.0.1.8 Fixes and DBMaint Command
Wed, Oct 7th 2015 16
Traveler 9.0.1.9 shipped
Sat, Jan 16th 2016 16


Daniel Nashed
Blog Title Daniel Nashed’s Blog
Blog Description Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...
Blog URL http://blog.nashcom.de
RSS Feed http://blog.nashcom.de/nashcomblog.nsf/feed.rss
Validate Feed feedvalidator.org or validator.w3.org
Feed Last Checked Jan 30, 2016 9:40:04 AM EST. Realtime Update:
Location Germany


Recent Blog Posts
41
Domino 9.0.1 FP5 IF1 with Security Fixes
Sat, Jan 30th 2016 9:47a   Daniel Nashed
There is a new IF1 for Domino 9.0.1 that includes two fixes we have waited for in the TLS area specially when communicating with STARTTLS and web-services as posted before on my blog. SPR #KLYHA57S37 - Disable TLS Session Resumption on outbound connections by default This fix addresses and issue for outgoing STARTLS sessions on SMTP. See some more details in my other blog post --> http://blog.nashcom.de/nashcomblog.nsf/dx/tls-1.2-connection-issues-with-protection.
28
Linuxfest VII Gets a Slot at IBM Connect 2016
Sat, Jan 30th 2016 8:17a   Daniel Nashed
If you are attending IBM ConnectED in Orlando and you are interested in Linux you should attend the Linuxfest Session. Thanks to Bill Malchisky we made it again into the agenda! I am looking forward to this session and will bring the brand new Start Script Version 3.1.0 with many enhancements. Here is a copy of Bills' original post. Looking forward to this session. -- Daniel Linuxfest VII Gets a Slot at IBM Connect 2016 Bill Malchisky January 28 2016 02:00:00 AM Linuxfest VII -
16
Traveler 9.0.1.9 shipped
Sat, Jan 16th 2016 8:23a   Daniel Nashed
Traveler 9.0.1.9 is the first update shipped this year. It comes with a number of fixes. See details here --> http://www.ibm.com/support/docview.wss?uid=swg21700212#9019 And it solves an important issue for Traveler HA Servers. There is a technote describing the issue in detail and you should have a look into the new command introduced in this version as soon you have updated your servers. The following TN #1974741 "Two scenarios where multiple accounts for users could be created on
30
TLS 1.2 Connection Issues with mail.protection.outlook.COM
Thu, Jan 7th 2016 6:57a   Daniel Nashed
Two of my customers had issues connecting to the Microsoft hosted environment over TLS 1.2 once we got the session resumption working (see previous blog posts). My environment had the same configuration and could connect just fine. It looks like the servers are behaving different with different certificates. That's the only difference we saw in configuration. After a couple of tests and working with IBM support we got a hotfix that we successfully tested yesterday. I know of 3 custom
9
STARTTLS Outbound Sessions might fail with TLS 1.0 used and TLS 1.2 Ciphers
Tue, Dec 15th 2015 2:18p   Daniel Nashed
We have been running into some issues and I got multiple customers reporting that outgoing STARTTLS did not work in some cases specially for some German provides like web.de and gmx.net. The error you see when enabling debugging is SSLEncodeClientHello> We offered SSL/TLS version TLS1.0 (0x0301) FindCipherSpec> Cipher spec DHE_RSA_WITH_AES_256_CBC_SHA256 (107) is not supported with TLS1.0 It turned out that session resumtion in combination with the new introduced TLS 1.2 causes
12
Symantec Backup Exec End of Life
Sat, Dec 5th 2015 9:19a   Daniel Nashed
I have been helping a customer who had issues with Backup Exec for Domino. They got issues with their backups. The error message pointed to issues with their tapes. But it turned out it had to do with the DAOS integration which is not fully working with Domino 9.0.1 The error they got pointed to issues with the back media: Final Error Code: e00084ca HEX (0xe00084ca HEX) or a00084cd HEX (0xa00084cd HEX) Final Error Description: The data being read from the media is inconsistent. Final
13
Domino 9.0.1 FP5 Security Fixes and Functionality
Fri, Dec 4th 2015 8:14p   Daniel Nashed
This week Domino 9.0.1 FP5 has been released. The client fixpack seems to have issues. I have seen a Support Flash alert and a couple of customers/partners contacted me with problems. On the client side I would wait until those problems have been resolved. But on the server side you should look into implementing FP5 soon. I have deployed it on my production server and I have now also incoming and outgoing "STARTTLS" enabled with additional logging via my SpamGeek application. In addit
9
Add-On Tool for Domino Restore
Mon, Nov 30th 2015 10:58a   Daniel Nashed
Most backup solutions are still not really flexible when it comes to restore operations. I am currently involved into some backup projects and build a tool that can be used on top of a Domino aware backup solution. Some software can disable replication when restoring a NSF file. Other applications can change the replica when restoring a database. But I have not seen application that can do both at the same time. And there are also other operations that could make sense. I would wish back
7
Cluster Failover on W2008 and higher - disable Port Stealth Mode
Sat, Nov 21st 2015 3:34a   Daniel Nashed
I should have blogged about this earlier. It was in my 2013 IBM Connected presentation but beside the TN and my presentation there is not much information. If you are using Domino clustering on Win2008 or higher you should really disable the port Stealth mode! This week I ran into a customer crash situation with repeated crashs which took a while to fix. The failover on their Win2012 R2 servers was painful slow. In Win2008 Microsoft introduced a feature called the Port Stealth mode.
7
DNUG Domino Day in Düsseldorf
Wed, Nov 18th 2015 12:32p   Daniel Nashed
Last call! In case you did not know yet. There is a new type of event organized by DNUG next Tuesday. I am very interested to see how the feedback to this new event type is. The event is free for DNUG members and in case you are not a member there is a small fee. Also the way to get enroll is different. The DNUG board to make it easier and tries different ways to organise the event. I am looking forward to the event and I hope to see many of you next week! The sessions are all
16
Traveler 9.0.1.8 Fixes and DBMaint Command
Wed, Oct 7th 2015 5:36p   Daniel Nashed
A new Traveler Version has been released to day. There are a couple of important fixes and you should consider updating soon. Below you find a fix list. There is also a new Traveler command mainly for enterprise database management called DBMaint. Here is a link to the updated documentation section --> http://www.ibm.com/support/knowledgecenter/SSYRPW_9.0.1/IBMTravelerDatabaseMaintenance.html Because it is brand new I have to check how it works in detail and there is a planned O
12
test
Wed, Oct 7th 2015 5:36p   Daniel Nashed
APAR # Abstract LO85584 Explicit commit is not needed for database select statements. LO86339 Warning may be displayed for redirect to SSL setting that is not in effect. LO86341 Add covering index to improve performance of update queries. LO86366 User may stop syncing after migration to HA environment AND change mail template. LO86445 Traveler syncs attachments in very small chunks causing mail delays and possible server crash. LO86448 Enable Calendar ghosting for ActiveSync devices when r
9
Higher Crypt-Standards with Notes/Domino and updated JVM 1.6
Fri, Oct 2nd 2015 3:46p   Daniel Nashed
There is a brand new new TN describing how to enable higher security for the updated JVM 1.6 in Notes/Domino. -->http://www.ibm.com/support/docview.wss?uid=swg21967996 The IBM 1.6 JVM does support TLS 1.2 and also some modern ciphers. Sadly by default they cannot be used because they use higher encryption levels (AES 256) which are disabled by default in the IBM and even in the current Oracle JVM 1.8. The TN describes a download for something that is called "Java Cryptography Ext
16
OSX 10.11 El Capitan does not only support ECDHE Ciphers
Thu, Oct 1st 2015 6:21a   Daniel Nashed
After updating to OSX 10.11 I did a quick test. It wasn't sure if Apple will only support ECDHE and implementing their new standard ATS. The first tests shows that the current ciphers are there but Apple does even support quite simple ciphers like RSA_WITH_RC4_128_SHA / MD5 as a fall back. But you never know if this is going away in one of the next updates. Here is a trace from against a Domino 9.0.1 FP4 IF2 server. You can see all supported common ciphers and I highlighted the most
32
IBM Notes V9.0.1 Mac 64 Bit English (CN6VDEN )
Tue, Sep 29th 2015 10:03a   Daniel Nashed
Wow the Mac 64bit Client has been released today! If you are looking for it, the description and the part number might help. Already downloaded from Partnerworld. I hope you also find it in Passport Downloads already. IBM Notes V9.0.1 Mac 64 Bit English (CN6VDEN ). And here is the technote -> http://www.ibm.com/support/docview.wss?uid=swg21962311 Have fun! Daniel
18
Domino 9.0.1 FP4 IF2 Security Update
Sat, Sep 26th 2015 4:38a   Daniel Nashed
After updating to the new IF which introduces ECDHE with some additional settings you can get to a "A+" SSL Labs rating. When you install IF2 by default you get a good set of ciphers. In the previous sets oif fixes DHE was disabled by defaiult. Now you have DHE and also ECDHE enabled by default. There is not much in addition to that you have to do. Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites at the end) TLS_ECDHE_RSA_WITH_AES_256_G
6
Domino 9.0.1 FP4 IF2 shipped with ECDHE support
Fri, Sep 25th 2015 10:35a   Daniel Nashed
Domino 9.0.1 Fix Pack 4 Interim Fix 2 shipped. It contains some important fixes in the security area. First of all it corrects some bugs in the DHE and AES-GCM area. And also fixes in MIME conversion specially important for Traveler servers. But it also introduces ECDHE ciphers! Again the Domino security team did a great job implementing important new functionality in an Interims Fix. As posted before Apple iOS 9 which shipped last week requires ECDHE at least for custom applicat
6
IBM Champion Nomination
Thu, Sep 17th 2015 7:41a   Daniel Nashed
The IBM Champion program is a great way to thank active members of the community. "The IBM Champion program recognizes innovative thought leaders in the technical community — and rewards these contributors by amplifying their voice and increasing their sphere of influence. An IBM Champion is an IT professional, business leader, developer, or educator who influences and mentors others to help them make best use of IBM software, solutions, and services." So if there is someone you th
9
iOS 9 Released and Traveler continues to work without ECDHE
Wed, Sep 16th 2015 3:00p   Daniel Nashed
Yesterday Apple released the final version of iOS 9. As posted before it wasn't sure which part of the ATS specification they will enforce for ActiveSync connections and other internal applications like the Safari web browser. My tests have shown that Apple is not enforcing the requirement for ECDHE and not even TLS 1.2 for ActiveSync connections yet. I have been still able to connect with the final iOS 9 release. So the ATS standard is just enforced for custom applications (I did not tes
8
IBM Traveler 9.0.1.7 shipped with iOS 9 support
Mon, Sep 7th 2015 8:46a   Daniel Nashed
Traveler 9.0.1.7 shipped while I was away for holidays. I have updated my server already over the weekend and it looks good. I have also not heard anything negative from any customer yet. This release does not only add support for iOS 9 but also Windows 10 Pro on tablet devices and the latest MS SQL Server. - Support for Windows 10 Pro running on tablet devices. - Support for Apple iOS 9.x running on all Apple devices. - Support for Microsoft SQL Server 2014 Enterprise Edition. Here
5
Apple App Transport Security
Wed, Jul 22nd 2015 6:50a   Daniel Nashed
Apple is introducing a new standard for their next OS versions. App Transport Security (ATS) is planned for iOS 9 and OS X 10.11. The current plan is to only support TLS 1.2 >= 2048 bit RSA SHA-256 signed web server certificates ECDHE!! TLS 1.2 is a good idea, 2048 RSA keys are a good idea and SHA-256 is also a good idea because SHA-1 is rated as insecure. The general requirement for PFS ciphers (https://en.wikipedia.org/wiki/Forward_secrecy) is a good idea from security point
9
Crash on iNotes when applying IF1 or the new 9.0.1 FP4 version
Mon, Jul 20th 2015 12:05a   Daniel Nashed
One of my customers and another partner reported a new crash when applying 9.0.1 FP4 IF1. They both reported the exact same call-stack both running on Linux. I have no details yet but given the fact that there are two independent crash reports with the same call-stack this might be a more general issue. I am waiting for more information and will update you ASAP once I hear anything new. For now I would stay on the last IF of FP3 until we know what is happening. Enclosed you find the cal
9
Crash after applying 9.0.1 FP4
Tue, Jul 7th 2015 1:33a   Daniel Nashed
I am working with IBM support since I installed FP4 directly after it shipped. After installing FP4 I got a crash on startup. I first thought this is special to my environment and IBM support was blaming my unsupported CentOS 6.5 environment. But it turned out that there was already a SPR # LKIM9UPQBL which has been already escalated to development. So it sounded like a more general issue that can happen in some configurations. The bug has been reproduced on one of my customers with SLES
7
IBM Notes Traveler 9.0.1.6 released with some important fixes
Wed, Jul 1st 2015 7:33p   Daniel Nashed
IBM Traveler 9.0.1.6 ships a couple of importan APAR fixes for the IBM Traveler Some of the fixes solve problems in MIME & attachment handling which have been introduced in the last releases when the new MIME handling has been introduced. Fixlist: APAR # Component Abstract LO84879 Server Calendar notice may be sent multiple times or be sent by the server ID. LO85144 Server E-mail containing invalid zero character in WBXML encoding ma
9
IBM Verse Client for iOS shipped
Thu, Apr 30th 2015 3:24a   Daniel Nashed
Finally the IBM Verse App for iOS is released https://itunes.apple.com/de/app/ibm-verse/id949952976 You can either use it to access the IBM Connections Cloud or Traveler On-Premise environments. Currently you can only use one account against either On-Premise or the cloud. Take care that the first Traveler release supporting the client is 9.0.1.3 but you should install the latest 9.0.1.4 version. The Verse client is a container app. You can still continue to use ActiveSync w
5
Traveler 9.0.1.4 shipped
Wed, Apr 29th 2015 5:42a   Daniel Nashed
IBM has released the Traveler 9.0.1.4 which fixes the reported crash issue with MIME conversions mentioned earlier --> http://www.ibm.com/support/docview.wss?uid=swg1LO84505 If you are on 9.0.1.3 you should update asap. There are a couple of other important fixes included -- see below. Already installed, thanks Sebastian for the heads up! -- Daniel Release Date Component Build Level Documentation April 29, 2015 Server 9.0.1.4 201504201605_20 IBM Traveler 9.0.1.4 Releas
6
Traveler 9.0.1.3 server crashes when attempting to sync a MIME-formatted document missing a RFC822 header
Mon, Apr 13th 2015 3:05a   Daniel Nashed
You might want to wait updating your Traveler Server to 9.0.1.3 because of a MIME related bug that can cause crashes. IBM now released a technote with official information about the issue --> www.ibm.com/support/docview.wss?uid=swg21701590. If you already updated and have abnormal process terminations in the Traveler servertask you should not try to downgrade but instead request a fix from IBM (going back to an earlier version would cause a complete resync of all devices). IBM is worki
6
New Start Script Version 3.0 with systemd support released
Tue, Apr 7th 2015 4:12a   Daniel Nashed
There is a new version of the start script for Domino on Linux (also AIX and Solaris) that supports RHEL 7 and SLES 12 which a both now using systemd instead of the older init scripts. When you are migrating to one of those platforms you have to switch to the new start script and also use systemd to start/stop your Domino server. Also for the new versions of Linux the start script remains the main main entry point for all your operations with the server. But for start and stop you will need
6
DHA with more than 1024 key size and Java still works
Mon, Apr 6th 2015 5:58p   Daniel Nashed
As posted before Java 6 and 7 cannot handle DHE key sizes above 1024 bit. The work-around was to limit the DHE key size via notes.ini parameter SSL_DH_KEYSIZE=1024. But this reduced the key size for all other clients that used DHE as well. There is another idea who to work-around this limitation. Java does only support the following DHE cipher: 33 - DHE_RSA_WITH_AES_128_CBC_SHA This is the weakest DHE cipher supported by Domino. If we disable this cipher, Java will not use DHE any
8
New Version of KyrTool released
Fri, Apr 3rd 2015 3:38a   Daniel Nashed
There is a newer version of the key ring tool that has been released on fix-central. Here is the list of fixes for the newer version. You should also update your client and server to the latest available IF because there are also fixes in the back-end for some issues parsing certificates. By the way ... I really like the command line kyrtool. A couple of days ago a customer asked me for some maintenance of their existing key ring files. Their CA expired and we had to remove the root CA f
7
Solution for jconsole SSLv3 vs TLS interoperability issue in Domino 9.0.1 FP3
Fri, Apr 3rd 2015 2:15a   Daniel Nashed
As posted before there is a compatibility for the jconsole / Java server controller introduced in 9.0.1 FP3. IBM shipped a newer JVM in 9.0.1 FP3 with SSLv3 disabled. Previous versions used SSLv3 only even the JVM would have supported TLS 1.0. So once you update your server but not your client you cannot access your server over the server controller. If you update your server but not your client you are running in the same issue the other way round. The only solution was to have two sepa
8
Traveler 9.0.1.3 Available - Verse iOS - Trash folder sync - Invitee status - Android push notifications
Thu, Apr 2nd 2015 4:22a   Daniel Nashed
Traveler 9.0.1.3 has shipped with a couple of interesting new features. And the what's new section does give you some interesting other hints. I have copied the what's new information to this document but want to give you some additional hints. We had many customer asking for Trash folder sync support. It was already included in a previous version but disabled by default -- apparently because they needed to do some more testing. Now it is enabled by default. The Google Cloud Messaging
6
engage conference security presentation
Wed, Apr 1st 2015 7:24a   Daniel Nashed
Yesterday at engage conference in Ghent (http://www.engage.ug/) I gave an updated presentation based on the ConnectED 2015 presentation. I added most of the new notes.ini parameter and also information how to enable those new ciphers and rewrote/reordered a bunch of slides and added more information after the latest IF has been shipped. During the conference I got the question what I would recommend . Here is what I would recommend for the latest fix -- which is sort of a short summary of
7
enage conference security presentation
Wed, Apr 1st 2015 6:24a   Daniel Nashed
Yesterday at engage conference in Ghent I gave an updated presentation based on the ConnectED 2015 presentation. I added most of the new notes.ini parameter and also information how to enable those new ciphers and rewrote/reordered a bunch of slides and added more information after the latest IF has been shipped. During the conference I got the question what I would recommend . Here is what I would recommend for the latest fix -- which is sort of a short summary of the presentation. By
4
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP2 IF2
Mon, Mar 30th 2015 8:14a   Daniel Nashed
As posted before IBM shipped a new IF that introduces TLS 1.2 Along with this new version a set of ciphers have been added. Some of them are enabled by default and other can be enabled using notes.ini settings. Other ciphers that are regarded as "weak" have been removed from the default cipher list. So by default without any additional settings you get the ciphers that IBM currently recommends. What has been added to the default are the AEAD (AES-GCM) ciphers -- see details below. The
7
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP3 IF2
Mon, Mar 30th 2015 7:14a   Daniel Nashed
As posted before IBM shipped a new IF (9.0.1 FP3 IF2/IF3) that introduces TLS 1.2 Along with this new version a set of ciphers have been added. Some of them are enabled by default and other can be enabled using notes.ini settings. Other ciphers that are regarded as "weak" have been removed from the default cipher list. So by default without any additional settings you get the ciphers that IBM currently recommends. What has been added to the default are the AEAD (AES-GCM) ciphers -- s
9
Domino 9.0.1 FP3 IF3 is about to ship
Sun, Mar 29th 2015 7:33a   Daniel Nashed
Domino 9.0.1 FP3 IF3 is about to ship. There is IF2 with a release date of 27.3.2015 which only includes the fix for the PNG vulnerability that recently came up. 9.0.1 Fix Pack 3 Interim Fix 2 SPR #PSIH9SSAHC / http://www.ibm.com/support/docview.wss?uid=swg21698994 -- PNG Vulnerability -- libpng is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the png_combine_row function when decompressing the IDAT_data. A remote attacker could exploit this vul
5
Find us at Engage Conference next Week
Thu, Mar 26th 2015 7:32a   Daniel Nashed
Next week many of us are travelling to Engage conference in Ghent. I am already looking forward to an interesting conference and hopefully will see many of you there. My presentation will be an updated version of the IBM Security Best Practices session Dave Kern and me presented at ConnectED conference in Orlando. I will speak about the current status and the new stuff coming in end of Q1 in the area of TLS, SHA-256 and related security topics. And as mentioned before I am working on R
16
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 3:53a   Daniel Nashed
The problem came up a couple of times and the solution seems still hard to find even it is listed in Kbase. When you try to install a fixpack or hotfix the installer reports that "Notes/Domino related process is still running" even Domino and NSD Service is stopped. It looks like that when the Notes statistics are registered on OS level the "Windows Management Instrumentation Service" (short WMI Service) keeps Notes DLLs blocked. The workaround is to stop the "Windows Management Ins
3
Fritzbox phone number lookup pre-delivery agent
Mon, Mar 9th 2015 6:03a   Daniel Nashed
There is a e-mail notification option in the Fritzbox which I am using for a while. But I did not find a nice way to sync my IBM Notes contacts to my Fritzbox yet. They offer just a connection to certain German e-mail providers. But since my mailfile contains all contacts, having a pre-delivery agent to do the lookup for an incoming call-notification was my "plan B". I build a view that ensures that the lookup can work against an international number format with +country code + area co
5
Domino Start Script systemd Support
Fri, Mar 6th 2015 7:54a   Daniel Nashed
Domino 9.0.1 FP3 IF1 also supports SLES12. So it is time to finish my work on systemd support which is the new service model used in RHEL7 and SLES12. Enclosed you find the current description of the changes in the start script for systemd support. Some parts really need to change to support the new model. But I am keeping the concept that rc_domino is the main entry point for all your operations. The following is a short description. I am currently writing the documentation for the n
8
SSL V2 HELO can be re-enabled with 9.0.1 FP3 IF1
Wed, Feb 25th 2015 3:45p   Daniel Nashed
As discussed before the security fixes introduced with the additon of TLS 1.0 removed V2 SSL HELO support. This caused issues with applications that still use the V2 SSL HELO for compatibility issues. Specially older OpenSSL Versions did use V2 SSL HELO unless explicitly specifying TLS 1.0. For most applications you can work-around it with updating the OpenSSL version to a current level. But specially when using the SMTP STARTTLS extension we don't control what the connecting server uses
4
SLES 12 support added in 9.0.1 FP3 IF1
Tue, Feb 24th 2015 1:19p   Daniel Nashed
There is a new section that you should note and regularly check: http://www.lotus.com/ldd/fixlist.nsf/WhatsNew/ This section will provide important updates to the fixlist. In this case the support for SLES 12 with 9.0.1 FP3 IF1! WOW! That was a fast response! Normally new major OS versions have to wait at least for a dot release! THANKS!!! As posted before there was a technical issue with restricted ports because bindsock did not work any more because of kernel changes in SLES 12. IBM a
16
Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Wed, Feb 18th 2015 5:35a   Daniel Nashed
As discussed before, it's not a good idea to completely disable SSLv3 too soon. Notes/Domino 9.0.1 FP3 ships with a newer JVM version that completely disables SSLv3. The Oracle team disabled SSLV3 by default but the IBM JVM team completely removed SSLv3. The Domino server controller and Server Console are based on Java and use the SSL/TLS stack for communication. Domino before FP3 uses SSLv3 only -- I don't want to start any theories about why ... The newer version with FP3 and highe




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition