Recent Blog Posts
SSL V2 HELO can be re-enabled with 9.0.1 FP3 IF1
Wed, Feb 25th 2015 3:45p   Daniel Nashed
As discussed before, the security fixes introduced with the addition of TLS 1.0 removed V2 SSL HELO support. This caused issues with applications that still use the V2 SSL HELO for compatibility reasons. Especially older OpenSSL versions used V2 SSL HELO unless TLS 1.0 was explicitly specified. For most applications you can work around it by updating the OpenSSL version to a current level. But especially when using the SMTP STARTTLS extension we don't control what the connecting server uses
SLES 12 support added in 9.0.1 FP3 IF1
Tue, Feb 24th 2015 1:19p   Daniel Nashed
There is a new section that you should note and regularly check: http://www.lotus.com/ldd/fixlist.nsf/WhatsNew/ This section will provide important updates to the fixlist. In this case the support for SLES 12 with 9.0.1 FP3 IF1! WOW! That was a fast response! Normally new major OS versions have to wait at least for a dot release! THANKS!!! As posted before there was a technical issue with restricted ports because bindsock did not work any more because of kernel changes in SLES 12. IBM a
Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Wed, Feb 18th 2015 5:35a   Daniel Nashed
As discussed before, it's not a good idea to completely disable SSLv3 too soon. Notes/Domino 9.0.1 FP3 ships with a newer JVM version that completely disables SSLv3. The Oracle team disabled SSLv3 by default but the IBM JVM team completely removed SSLv3. The Domino server controller and Server Console are based on Java and use the SSL/TLS stack for communication. Domino before FP3 uses SSLv3 only -- I don't want to start any theories about why ... The newer version with FP3 and highe
Planned Domino 9 SLES 12 Support
Thu, Jan 29th 2015 6:25p   Daniel Nashed
The question about SLES 12 was raised during IBM ConnectED. There is an issue with Domino on SLES 12 and SLES 12 is not currently supported (in contrast with RHEL 7). There is an SPR # YXYX9RA56Z "Error - Unable to Bind port 443 or 80" on SUSE12. I have checked in the Lab and got similar information to what has been posted before on the web: "There is a known issue with SLES 12 where bindsock has issues. Before we can support SLES 12 and any other newer kernel with this issue, we will
ConnectED Session Slides posted BP102: Practical IBM Notes and Domino Internet Security
Tue, Jan 27th 2015 10:45p   Daniel Nashed
Today I had the pleasure to present with Dave Kern about Domino internet security. Now that the presentation is public, I can speak about all the details that we presented. See the slides for all details. We covered what is already available in 9.0.1 FP3 and what is coming after FP3 quite soon. In the session demo we had the SSL Test website showing an A- up to A+ rating depending on the configuration. There is a lot of good stuff coming up in a scheduled interim fix. This includes TLS
Notes/Domino 9.0.1 FP3 has shipped
Wed, Jan 21st 2015 11:09a   Daniel Nashed
Today Notes/Domino 9.0.1 FP3 has been shipped. Already installed it on my production server. There are new new "SSL/TLS" related fixes in FP3. But there are updates planned after FP3. So updating to FP3 is the base and you should consider an update soon. It's always better to install a FP than an IF which is technically a combo hotfix. There are also a couple of other important fixes in FP3. When you look into the Fixlist you see a couple of database/DAOS related fixes. The FP al
Domino TLS POODLE Fix released
Sun, Dec 21st 2014 5:12a   Daniel Nashed
As reported before, the IF that introduced TLS 1.0 is vulnerable to the new POODLE issue. IBM released a new IF for all supported versions that fixes this issue. After installing the IF you can re-enable the CBC ciphers which are now reported as not vulnerable by the SSL Labs Test site. In addition to this fix IBM officially introduces a new notes.ini variable to disable SSL V3. DISABLE_SSLV3=1 will disable SSL V3 completely. But as mentioned before you should be completely sure if you wa
New Domino POODLE Issue now with TLS
Tue, Dec 9th 2014 11:16p   Daniel Nashed
There is a new exploit that affects TLS! Not all implementations of TLS are affected. But Domino and also some other solutions like the F5 load-balancer are on the list. For more details read --> https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls The problem affects all CBC ciphers. IBM is working on a solution. Meanwhile you can disable the CBC ciphers. Currently there are only two ciphers left. Not really completely what we want but it sounds like IBM
iNotes Redirect without Anonymous Access
Fri, Dec 5th 2014 9:15a   Daniel Nashed
When running iNotes you might only want to allow authenticated connections to your Domino Server over HTTP. But on the other side you want to use the iNotes Redirect database which contains some images and other design that should load even if the user is not yet authenticated. There is a Wiki article that describes in detail what to do. Thanks to IBM for pointing out that parameter! http://www.lotus.com/ldd/dominowiki.nsf/dx/Allowing_Anonymous_Access_to_iNotes_Redirect_images__while_preventing_An
Short Description Creating a Domino Keyring File with the new Keyring Tool and a Windows CA using Binary Formats
Tue, Dec 2nd 2014 5:11a   Daniel Nashed
Now that more and more customers are using the new keyring tool we run into interesting constellations. Microsoft uses binary formats instead of the ASCII-based PEM format that the keyring tool requires. OpenSSL does not only help you to create the key and the certificates. You can also use it to convert the certificate formats. I have written a short step-by-step documentation for my customer including some troubleshooting steps and tricks. To keep it short I have left out the re




Created and Maintained by Yancy Lent