264 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Traveler 9.0.1.3 server crashes when attempting to sync a MIME-formatted document missing a RFC822 header
Mon, Apr 13th 2015 216
New Start Script Version 3.0 with systemd support released
Tue, Apr 7th 2015 15
DHA with more than 1024 key size and Java still works
Mon, Apr 6th 2015 12
New Version of KyrTool released
Fri, Apr 3rd 2015 7
Solution for jconsole SSLv3 vs TLS interoperability issue in Domino 9.0.1 FP3
Fri, Apr 3rd 2015 9
Traveler 9.0.1.3 Available - Verse iOS - Trash folder sync - Invitee status - Android push notifications
Thu, Apr 2nd 2015 8
engage conference security presentation
Wed, Apr 1st 2015 7
Top 10
Traveler 9.0.1.3 server crashes when attempting to sync a MIME-formatted document missing a RFC822 header
Mon, Apr 13th 2015 216
Some Additonal TLS 1.0 Information
Thu, Nov 6th 2014 20
Domino TLS 1.0 SHA-2 Support to prevent POODLE has been shipped today
Mon, Nov 3rd 2014 19
Notes/Domino 9.0.1 FP3 has shipped
Wed, Jan 21st 2015 19
Traveler 9.0.1 IF7
Fri, Nov 7th 2014 18
SSL V2 HELO can be re-enabled with 9.0.1 FP3 IF1
Wed, Feb 25th 2015 16
Domino 9.0.1 FP3 IF3 is about to ship
Sun, Mar 29th 2015 16
TLS and SHA-2 Support and the POODLE Attack
Tue, Oct 21st 2014 15
New Start Script Version 3.0 with systemd support released
Tue, Apr 7th 2015 15
Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Wed, Feb 18th 2015 14




Recent Blog Posts
216
Traveler 9.0.1.3 server crashes when attempting to sync a MIME-formatted document missing a RFC822 header
Mon, Apr 13th 2015 3:05a   Daniel Nashed
You might want to wait updating your Traveler Server to 9.0.1.3 because of a MIME related bug that can cause crashes. IBM now released a technote with official information about the issue --> www.ibm.com/support/docview.wss?uid=swg21701590. If you already updated and have abnormal process terminations in the Traveler servertask you should not try to downgrade but instead request a fix from IBM (going back to an earlier version would cause a complete resync of all devices). IBM is worki
15
New Start Script Version 3.0 with systemd support released
Tue, Apr 7th 2015 4:12a   Daniel Nashed
There is a new version of the start script for Domino on Linux (also AIX and Solaris) that supports RHEL 7 and SLES 12 which a both now using systemd instead of the older init scripts. When you are migrating to one of those platforms you have to switch to the new start script and also use systemd to start/stop your Domino server. Also for the new versions of Linux the start script remains the main main entry point for all your operations with the server. But for start and stop you will need
12
DHA with more than 1024 key size and Java still works
Mon, Apr 6th 2015 5:58p   Daniel Nashed
As posted before Java 6 and 7 cannot handle DHE key sizes above 1024 bit. The work-around was to limit the DHE key size via notes.ini parameter SSL_DH_KEYSIZE=1024. But this reduced the key size for all other clients that used DHE as well. There is another idea who to work-around this limitation. Java does only support the following DHE cipher: 33 - DHE_RSA_WITH_AES_128_CBC_SHA This is the weakest DHE cipher supported by Domino. If we disable this cipher, Java will not use DHE any
7
New Version of KyrTool released
Fri, Apr 3rd 2015 3:38a   Daniel Nashed
There is a newer version of the key ring tool that has been released on fix-central. Here is the list of fixes for the newer version. You should also update your client and server to the latest available IF because there are also fixes in the back-end for some issues parsing certificates. By the way ... I really like the command line kyrtool. A couple of days ago a customer asked me for some maintenance of their existing key ring files. Their CA expired and we had to remove the root CA f
9
Solution for jconsole SSLv3 vs TLS interoperability issue in Domino 9.0.1 FP3
Fri, Apr 3rd 2015 2:15a   Daniel Nashed
As posted before there is a compatibility for the jconsole / Java server controller introduced in 9.0.1 FP3. IBM shipped a newer JVM in 9.0.1 FP3 with SSLv3 disabled. Previous versions used SSLv3 only even the JVM would have supported TLS 1.0. So once you update your server but not your client you cannot access your server over the server controller. If you update your server but not your client you are running in the same issue the other way round. The only solution was to have two sepa
8
Traveler 9.0.1.3 Available - Verse iOS - Trash folder sync - Invitee status - Android push notifications
Thu, Apr 2nd 2015 4:22a   Daniel Nashed
Traveler 9.0.1.3 has shipped with a couple of interesting new features. And the what's new section does give you some interesting other hints. I have copied the what's new information to this document but want to give you some additional hints. We had many customer asking for Trash folder sync support. It was already included in a previous version but disabled by default -- apparently because they needed to do some more testing. Now it is enabled by default. The Google Cloud Messaging
7
engage conference security presentation
Wed, Apr 1st 2015 7:24a   Daniel Nashed
Yesterday at engage conference in Ghent (http://www.engage.ug/) I gave an updated presentation based on the ConnectED 2015 presentation. I added most of the new notes.ini parameter and also information how to enable those new ciphers and rewrote/reordered a bunch of slides and added more information after the latest IF has been shipped. During the conference I got the question what I would recommend . Here is what I would recommend for the latest fix -- which is sort of a short summary of
3
enage conference security presentation
Wed, Apr 1st 2015 6:24a   Daniel Nashed
Yesterday at engage conference in Ghent I gave an updated presentation based on the ConnectED 2015 presentation. I added most of the new notes.ini parameter and also information how to enable those new ciphers and rewrote/reordered a bunch of slides and added more information after the latest IF has been shipped. During the conference I got the question what I would recommend . Here is what I would recommend for the latest fix -- which is sort of a short summary of the presentation. By
10
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP2 IF2
Mon, Mar 30th 2015 8:14a   Daniel Nashed
As posted before IBM shipped a new IF that introduces TLS 1.2 Along with this new version a set of ciphers have been added. Some of them are enabled by default and other can be enabled using notes.ini settings. Other ciphers that are regarded as "weak" have been removed from the default cipher list. So by default without any additional settings you get the ciphers that IBM currently recommends. What has been added to the default are the AEAD (AES-GCM) ciphers -- see details below. The
3
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP3 IF2
Mon, Mar 30th 2015 7:14a   Daniel Nashed
As posted before IBM shipped a new IF (9.0.1 FP3 IF2/IF3) that introduces TLS 1.2 Along with this new version a set of ciphers have been added. Some of them are enabled by default and other can be enabled using notes.ini settings. Other ciphers that are regarded as "weak" have been removed from the default cipher list. So by default without any additional settings you get the ciphers that IBM currently recommends. What has been added to the default are the AEAD (AES-GCM) ciphers -- s




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition