198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Notes Client 9.0.1 FP9 F1 released
Sat, Oct 14th 2017 214
Domino 9.0.1 FP 9 IF2 available with important fixes
Fri, Oct 13th 2017 280
IBM Champion Program Nominations are open
Tue, Oct 10th 2017 42
Installing C-API Applications on Linux
Wed, Oct 4th 2017 15
Known issues with Domino 9.0.1 FP9
Wed, Sep 27th 2017 11
Fix Available: SMTP regression issue in Domino 9.0.1 FP9 can cause malformed headers
Fri, Sep 15th 2017 5
Domino Performance issue on some Linux Versions
Thu, Sep 14th 2017 3
Top 10
Domino 9.0.1 FP 9 IF2 available with important fixes
Fri, Oct 13th 2017 280
Notes Client 9.0.1 FP9 F1 released
Sat, Oct 14th 2017 214
IBM Champion Program Nominations are open
Tue, Oct 10th 2017 42
IBM Notes V9.0.1 Mac 64 Bit English (CN6VDEN )
Tue, Sep 29th 2015 25
Details about JVM 1.8 Update in Notes/Domino 9.0.1 FP8
Sun, Feb 5th 2017 21
TLS 1.2 Connection Issues with mail.protection.outlook.COM
Thu, Jan 7th 2016 19
Solution for Notes/Domino related process is still running when applying a Fixpack or Hotfix
Wed, Mar 25th 2015 15
IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice
Fri, Jan 27th 2017 15
Installing C-API Applications on Linux
Wed, Oct 4th 2017 15
Notes Client/Windows Crash with Windows 10 Creators update
Thu, Jun 1st 2017 14


Notes/Domino 9.0.1 FP3 - Java Console/Controller Incompatibility
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Daniel Nashed    

As discussed before, it's not a good idea to completely disable SSLv3 too soon.
Notes/Domino 9.0.1 FP3 ships with a newer JVM version that completely disables SSLv3.
The Oracle team disabled SSLV3 by default but the IBM JVM team completely removed SSLv3.

The Domino server controller and Server Console are based on Java and use the SSL/TLS stack for communication.
Domino before FP3 uses SSLv3 only -- I don't want to start any theories about why ...

The newer version with FP3 and higher use TLS 1.0 only.

That means once you updated your client you cannot communicate via server controller with an older server.
And also means that you cannot communicate from an older client once you updated your server.

There is no easy work-around beside running two different clients.
Just using a different exe does not help because the main change is in the IBM JVM.
You could keep the old client binaries and clone the data directory and run the jconsole from two different directories to avoid using two different workstations.

-- Daniel


References:

http://www.ibm.com/support/docview.wss?uid=swg21695943

And information from the release notes:

9.0.1 Fix Pack 3 updates the embedded Notes/Domino JVM to 1.6 SR16 FP2 to address security vulnerabilities. This release has all of the content from the recently released POODLE and POODLE on TLS vulnerabilities in one easy to install package that includes the content from Domino 9.0.1 Fix Pack 2 Interim Fix 3 and Notes 9.0.1 Fix Pack 2 Interim Fix 4.

JVM 1.6 SR16 FP2 disabled SSLv3 and instead communicates only over TLS. If the Domino server is upgraded to 9.0.1 Fix Pack 3 (which contains JVM 1.6 SR16 FP2), the Java Console attempts to connect over SSLv3 to the JVM layer on the Domino server, which will accept only TLS connections. Applying 9.0.1 Fix Pack 3 on both the Domino server and the Java Console client will remedy the situation. For additional information, see technote 1695943 - Domino Console fails to connect to remote server after upgrading Notes or Domino to 9.0.1 Fix Pack 3



---------------------
http://blog.nashcom.de/nashcomblog.nsf/dx/notesdomino-9.0.1-fp3-java-consolecontroller-incompatibility.htm
Feb 18, 2015
10 hits



Recent Blog Posts
214
Notes Client 9.0.1 FP9 F1 released
Sat, Oct 14th 2017 5:31p   Daniel Nashed
There is also a client IF1 for 9.0.1 FP9 which fixes one part of the issue that I reported. Depending on your configuration MIME messages sent did show up with different fonts on Notes clients. It happened in edit mode or when the embedded MIME browser was disabled. What has been fixed is that the IF1 client shows correct fronts. But earlier clients still shows different fonts (for example if you send a mail with sans serif it will show up in serif). I don't know if that can be fixed at
280
Domino 9.0.1 FP 9 IF2 available with important fixes
Fri, Oct 13th 2017 9:09a   Daniel Nashed
Two of the issues fixed in IF2 have been discussed before in my blog. But there are also two other critical issues fixed. Some of my customers reported DBMT and updall hangs which have been fixed with TDOOAREP8W. And the Private on first use folder issue also has been reported before. If you have installed 9.0.1 FP 9 you should update to IF2! -- Daniel JPAIAQ5SKW PANIC: DbMarkCorrupt! (d:notefileadmin4.nsf Dbiid: 0x3D91E116 0x3C07FE17) JVEKAQSGCC S
42
IBM Champion Program Nominations are open
Tue, Oct 10th 2017 6:05p   Daniel Nashed
The IBM champion nominations have just started today. You can nominate your favorite persons in the community to appreciate what they are doing for the community (--> https://developer.ibm.com/dwblog/2017/ibm-champion-program-nominations/) Libby just expressed it in short words what a champion makes stand out. Let me quote instead of just passing a link! -- Daniel "You may know an IBM Champion if… The best way to understand the IBM Champions program is to know an IBM Champion. D
15
Installing C-API Applications on Linux
Wed, Oct 4th 2017 11:51a   Daniel Nashed
When installing binaries on Linux you have to be aware of the directory structure for the files installed in the opt directory. For installing a servertask the recommended way is to copy it to the Domino binary directory and create a start link. For myself I created a script that handles installation of servertasks and extension managers because I don't want to do those steps manually and my script comes with a wrapper script that benefits of sudo when installing binaries on my developmen
11
Known issues with Domino 9.0.1 FP9
Wed, Sep 27th 2017 3:38a   Daniel Nashed
A couple of customers and partners asked me about current known issues with FP9 in my blog and offline. Beside the issue with the garbage chars fixed in IF1 there are 3 other issues that could prevent you from upgrading to FP9. There is an issue with private on first use views and folders on the server side which prevents those views and folders to be created. IBM has a hotfix for this as Sascha already reported in my blog comments. SPR# JVEKAQSGCC / LO92948: SHARED, PRIVATE ON FIRST USE
5
Fix Available: SMTP regression issue in Domino 9.0.1 FP9 can cause malformed headers
Fri, Sep 15th 2017 11:43p   Daniel Nashed
Finally we got IF1 for 9.0.1 FP9 for the issue I reported in an earlier blog post . The regression was introduced by a fix that IBM has removed in IF1 (and I got a hotfix earlier as mentioned in an earlier blog post). The root cause is an issue with malformed headers -- specially the from header that are generated at message itemization. Depending on your configuration this causes garbage chars in your headers. In any case some functionality like SMTPVerifyAuthenticatedSender=1 or capt
3
Domino Performance issue on some Linux Versions
Thu, Sep 14th 2017 10:13a   Daniel Nashed
When working on a larger Domino migration and consolidation project I ran into an new Linux specific performance issues that might hit some of you depending on your Linux version. I have tested with current RHEL 7 servers which are not affected. But on customer site we are using the latest patch level of RHEL 6.9 and I have also seen it with SLES 11 SP2/3. I did not yet test with SLES 12 (maybe someone volunteers to do some testing). There has been an issue in the 8.5.3 code stream which ha
1
How to resolve synchronization issues that start after upgrading to IBM Traveler 9.0.1.18 (or higher)
Sat, Sep 9th 2017 9:21a   Daniel Nashed
If you are running on Traveler 9.0.1.18 and higher you should read the following support flash technote in detail. http://www.ibm.com/support/docview.wss?uid=swg22005703 You must read this technote if you are running on 9.0.1.18 and higher. And with this new information it makes a lot of sense to move to this new version soon. As mentioned before, IBM changed the default security mode for Traveler. Traveler uses a run as user feature to ensure that all functionality is invoked in th
2
Traveler 9.0.1.19 with important fixes
Fri, Sep 8th 2017 7:15a   Daniel Nashed
We have been waiting for Traveler 9.0.1.19 for some important fixes and also updates SQL server support and push certificate update: Support for MS SQL Server 2016 Enterprise Edition. Updated APNS Certificates with expiration 8/1/2018. Improvements for the Run as User Feature. But the most important changes are for the "Run as User" Feature which has been introduced in 9.0.1.18. Some of my customers and issues with Traveler profiles which could not be read correctly in some cases.
5
SSLV3 disabled by default since 9.0.1 FP9
Tue, Sep 5th 2017 2:18p   Daniel Nashed
This change has been discussed a while ago. Now it was finally time to disable default SSLv3 in Domino. The SPR did not make it into the fixlist. Thanks Thibaud Maes for your mail! The change addressed by SPR # DKENAKNSEG will affect all connection types that utilise the native Domino security stack such as HTTPS and secure DIIOP. If you still need SSLv3 you need this new notes.ini parameter ENABLE_SSLV3=1 There are not many applications left that need SSLV3 ... Daniel




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition