263 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP2 IF2
Mon, Mar 30th 2015 188
Domino 9.0.1 FP3 IF3 is about to ship
Sun, Mar 29th 2015 339
Find us at Engage Conference next Week
Thu, Mar 26th 2015 131
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 247
Fritzbox phone number lookup pre-delivery agent
Mon, Mar 9th 2015 11
Domino Start Script systemd Support
Fri, Mar 6th 2015 16
SSL V2 HELO can be re-enabled with 9.0.1 FP3 IF1
Wed, Feb 25th 2015 31
Top 10
Domino 9.0.1 FP3 IF3 is about to ship
Sun, Mar 29th 2015 339
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 247
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP2 IF2
Mon, Mar 30th 2015 188
Find us at Engage Conference next Week
Thu, Mar 26th 2015 131
SSL V2 HELO can be re-enabled with 9.0.1 FP3 IF1
Wed, Feb 25th 2015 31
Domino TLS POODLE Fix released
Sun, Dec 21st 2014 27
Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Wed, Feb 18th 2015 23
Some Additonal TLS 1.0 Information
Thu, Nov 6th 2014 20
Traveler 9.0.1 IF7
Fri, Nov 7th 2014 20
Important Update on Traveler iOS 8 Support -- You have to install an IF!
Mon, Sep 15th 2014 17




Recent Blog Posts
188
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP2 IF2
Mon, Mar 30th 2015 8:14a   Daniel Nashed
As posted before IBM shipped a new IF that introduces TLS 1.2 Along with this new version a set of ciphers have been added. Some of them are enabled by default and other can be enabled using notes.ini settings. Other ciphers that are regarded as "weak" have been removed from the default cipher list. So by default without any additional settings you get the ciphers that IBM currently recommends. What has been added to the default are the AEAD (AES-GCM) ciphers -- see details below. The
339
Domino 9.0.1 FP3 IF3 is about to ship
Sun, Mar 29th 2015 7:33a   Daniel Nashed
Domino 9.0.1 FP3 IF3 is about to ship. There is IF2 with a release date of 27.3.2015 which only includes the fix for the PNG vulnerability that recently came up. 9.0.1 Fix Pack 3 Interim Fix 2 SPR #PSIH9SSAHC / http://www.ibm.com/support/docview.wss?uid=swg21698994 -- PNG Vulnerability -- libpng is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the png_combine_row function when decompressing the IDAT_data. A remote attacker could exploit this vul
131
Find us at Engage Conference next Week
Thu, Mar 26th 2015 7:32a   Daniel Nashed
Next week many of us are travelling to Engage conference in Ghent. I am already looking forward to an interesting conference and hopefully will see many of you there. My presentation will be an updated version of the IBM Security Best Practices session Dave Kern and me presented at ConnectED conference in Orlando. I will speak about the current status and the new stuff coming in end of Q1 in the area of TLS, SHA-256 and related security topics. And as mentioned before I am working on R
247
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 3:53a   Daniel Nashed
The problem came up a couple of times and the solution seems still hard to find even it is listed in Kbase. When you try to install a fixpack or hotfix the installer reports that "Notes/Domino related process is still running" even Domino and NSD Service is stopped. It looks like that when the Notes statistics are registered on OS level the "Windows Management Instrumentation Service" (short WMI Service) keeps Notes DLLs blocked. The workaround is to stop the "Windows Management Ins
11
Fritzbox phone number lookup pre-delivery agent
Mon, Mar 9th 2015 6:03a   Daniel Nashed
There is a e-mail notification option in the Fritzbox which I am using for a while. But I did not find a nice way to sync my IBM Notes contacts to my Fritzbox yet. They offer just a connection to certain German e-mail providers. But since my mailfile contains all contacts, having a pre-delivery agent to do the lookup for an incoming call-notification was my "plan B". I build a view that ensures that the lookup can work against an international number format with +country code + area co
16
Domino Start Script systemd Support
Fri, Mar 6th 2015 7:54a   Daniel Nashed
Domino 9.0.1 FP3 IF1 also supports SLES12. So it is time to finish my work on systemd support which is the new service model used in RHEL7 and SLES12. Enclosed you find the current description of the changes in the start script for systemd support. Some parts really need to change to support the new model. But I am keeping the concept that rc_domino is the main entry point for all your operations. The following is a short description. I am currently writing the documentation for the n
31
SSL V2 HELO can be re-enabled with 9.0.1 FP3 IF1
Wed, Feb 25th 2015 3:45p   Daniel Nashed
As discussed before the security fixes introduced with the additon of TLS 1.0 removed V2 SSL HELO support. This caused issues with applications that still use the V2 SSL HELO for compatibility issues. Specially older OpenSSL Versions did use V2 SSL HELO unless explicitly specifying TLS 1.0. For most applications you can work-around it with updating the OpenSSL version to a current level. But specially when using the SMTP STARTTLS extension we don't control what the connecting server uses
14
SLES 12 support added in 9.0.1 FP3 IF1
Tue, Feb 24th 2015 1:19p   Daniel Nashed
There is a new section that you should note and regularly check: http://www.lotus.com/ldd/fixlist.nsf/WhatsNew/ This section will provide important updates to the fixlist. In this case the support for SLES 12 with 9.0.1 FP3 IF1! WOW! That was a fast response! Normally new major OS versions have to wait at least for a dot release! THANKS!!! As posted before there was a technical issue with restricted ports because bindsock did not work any more because of kernel changes in SLES 12. IBM a
23
Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Wed, Feb 18th 2015 5:35a   Daniel Nashed
As discussed before, it's not a good idea to completely disable SSLv3 too soon. Notes/Domino 9.0.1 FP3 ships with a newer JVM version that completely disables SSLv3. The Oracle team disabled SSLV3 by default but the IBM JVM team completely removed SSLv3. The Domino server controller and Server Console are based on Java and use the SSL/TLS stack for communication. Domino before FP3 uses SSLv3 only -- I don't want to start any theories about why ... The newer version with FP3 and highe
10
Planned Domino 9 SLES 12 Support
Thu, Jan 29th 2015 6:25p   Daniel Nashed
The question for SLES 12 has been raised during IIBM ConnectED. There is an issue with Domino on SLES 12 and SLES 12 is not currently supported (in contrast with RHEL 7). There is a SPR # YXYX9RA56Z "Error - Unable to Bind port 443 or 80" on SUSE12. I have checked in the Lab and got a similar info than what has been posted before on the web: "There is a known issue with SLES 12 where bindsock has issues. Before we can support SLES 12 and any other newer kernel with this issue, we will




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition