For those that are waiting on the hotfix, it should have popped out from IBM today. My customer with the AIX 64 server got the ftp site email today. In their case I believe they are just going to leave the 8.5.1 SMTP server in the way for the time being and install the fix when it is rolled into Domino 8.5.2 FP1.
For those that didn't see Dan Adams' from IBM comment on my original work around post, the fix should be posted to Fix Central on September 8th. My guess is a PMR will get you it before then. Any way here is Dan's comment:
This issue is not platform specific and has been reproduced in house with a message that has caused the issue. If you are running into this issue please contact Support regarding this issue.
IBM has a test fix available that is undergoing testing.
Based on successful test results, the target for a public Fix Central fix posting is September 8, 2010.
This fix will also be incorporated into 8.5.2 Fix Pack 1 in Q4.
Using IBM Lotus Traveler with a proxy....food for thought before you do this
Tue, Dec 16th 2014 6:11a Darren Duke Over that past few weeks I've been banging my head against the wall trying to figure out why a Traveler server that has been relocated behind a proxy would not work (it was a standalone server that was working fine before it was moved behind the proxy). Everything seemed fine, except one couldn't get to the Traveler log on page and/or add devices to the servers. Existing users worked flawlessly. Needless to say this was extremely aggravating. I'd install another, new Traveler server and put i [read] Keywords: domino
How to disable SSLv3 in Domino
Fri, Dec 12th 2014 6:01a Darren Duke In my POODLE TLS post from a few days back, there was a comment asking how to fully disabling SSLv3 in Domino. You'll notice in the comments I mention that there is a way but at the time it was under NDA. Well, apparently not anymore.... Now, fair warning this may not yet be supported by IBM so if you choose to do this, you do it at your own risk (while under NDA on this, it was stated that is unsupported so YMMV). According to this post on the Domino wiki, you can use this server notes [read] Keywords: domino
POODLE TLS - The POODLE Strikes Back - change your settings now....
Tue, Dec 9th 2014 8:11a Darren Duke After a brief chat in the Lotus Notes Skype chat with Jim Casle, Declan Lynch, Steve Pridemore and Frederick Norling it has become apparent that Domino maybe susceptible to the newly discovered POODLE TLS issue (POODLE 2.0 if you will). You can read about the new issues here and here. Go scan your servers at SSL Labs. Anyway, provided you are using 9.0.1 FP IF1 (the TLS fix that IBM provided a while back) the apparent Domino fix is to disable AES and 3DES ciphers and run with only RC4: [read] Keywords: domino
POODLE and SHA2 support coming to Domino
Tue, Oct 21st 2014 9:02a Darren Duke Behold, the silence has ended.....the crescendo that is IBM has finally lifted the veil on some fixes for some very large security holes....AFAIK these are native Domino fixes. I'm unsure of the protocols supported, but my understanding is all of them, but only time will tell. These are not available yet, but should be in "weeks"... First up, fix POODLE outlined in Technote 1687167. This is coming to: 9.0.1 FP2 9.0 8.5.3 FP6 8.5.2 FP4 8.5.1 FP5 I think that is every supported Domino [read] Keywords: domino
So Domino and SHA2.....There’s a SPR for that
Wed, Aug 20th 2014 7:20a Darren Duke As some of you know, SHA2 support in the native Domino HTTP stack has been a bit of a fire starter of late. As IBM like to say "we've not heard that from our customers", here's your chance to change that. How do you do that? Simple, if you are able to create a PMR against Domino (if you're on support for Notes and Domino you can) and mention that you want SPR # ABAI7SASE6 (APAR LO48388) addressed. Here's link to the IBM support portal, so head on over there and create an PMR via an Elec [read] Keywords: domino