268 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
The 2015 Snarky Review
Mon, Jan 11th 2016 20
If you get page errors after disabling HTTPEnableConnectorHeaders in Domino, try this
Mon, Nov 2nd 2015 14
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 18
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 11
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 14
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 15
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 11
Top 10
SOLUTION - Domino Directory Assistance to Active Directory when using SSL DOES NOT break with 9.0.1 FP4
Thu, Jul 16th 2015 20
The 2015 Snarky Review
Mon, Jan 11th 2016 20
iNotes and IE11 - yes it is supported
Tue, Mar 18th 2014 18
Here is a freely available VM to reverse proxy Domino - shoot the poodle
Wed, Oct 15th 2014 18
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 18
Domino Directory Assistance to Active Directory when using SSL breaks with 9.0.1 FP4
Wed, Jul 15th 2015 17
TLS 1.2 in Domino and the settings I use
Mon, Apr 6th 2015 16
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 15
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 15
The Domino fixes for POODLE and TLS, you may not be done yet
Tue, Nov 4th 2014 14




Recent Blog Posts
20
The 2015 Snarky Review
Mon, Jan 11th 2016 1:00p   Darren Duke
Firefox started at 34, ended at 43 (which also seemed to break everything). Chrome started at 39, ended at 47. IE, 11 and 11 (or Edge depending on your OS). My browser preference has changed. I'd love to still use Firefox (as they give a shit about privacy) but it's performance compared to Chrome is laughably right now. So Chrome it is (hangs head in shame)... IBM finally grasped that web security in Domino is important. We got SHA2, TLS1.2, OCSP, HSTS and modern ciphers. Only in R
14
If you get page errors after disabling HTTPEnableConnectorHeaders in Domino, try this
Mon, Nov 2nd 2015 5:53a   Darren Duke
If you are wondering why you want to disable HTTPEnableConnectorHeaders go read Jasper Kiaer's excellent post on why this maybe the worst security hole in Domino ever. Yes, ever. So now you've sent HTTPEnableConnectorHeaders=0 in the server notes.ini (make sure the setting has taken with a "show config http*" in the server console). You restart HTTP on Domino and you get this when you try to access the server: Request contains an HTTP header that does not contain a colon Then you
18
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 5:11p   Darren Duke
There are times when a SSL certificate would be nice but not economical. Like for this blog for example. I'm hardly going to splurge $100+ on SSL certificate "just because", and "SSL everywhere" and Google ranking be damned. But here are options out there to get free Class 1 SSL certificates from a trusted root certifier. StartSSL will provide you a free 1 year SSL for most domains (anything with the word financial in the domain is not allowed, and I'm sure there are more rules than th
11
Free SSL certificates. Yes free (for most domains)
Thu, Oct 1st 2015 8:11a   Darren Duke
There are times when an SSL certificate would be nice but not economical. Like for this blog for example. I'm hardly going to splurge $100+ on SSL certificate "just because", and "SSL everywhere" and Google ranking be damned. But here are options out there to get free Class 1 SSL certificates from a trusted root certifier. StartSSL will provide you a free 1 year SSL for most domains (anything with the word financial in the domain is not allowed, and I'm sure there are more rules than t
14
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 8:12a   Darren Duke
OK, so I know I said IBM were dropping the ball on 9.0.2 but the Domino security team have been knocking the ball out of the park lately (IBM, don't ignore security again.....just saying). Anyhow, yesterday was HSTS, today I give you OCSP Stapling in Domino. Again the crowds ask, "WTF?"....Via Wikipedia (and, yes a bit yawny....): OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) for
15
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 7:17a   Darren Duke
OK, so I know I said IBM were dropping the ball on 9.0.2 but the Domino security team have been knocking the ball out of the park lately (IBM, don't ignore security again.....just saying). Anyhow, yesterday was HSTS, today I give you OCSP Stapling in Domino. Again the crowds ask, "WTF?"....Via Wikipedia (and, yes a bit yawny....): OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) f
11
Supercharge your Domino servers with OCSP Stapling - real go faster stripes
Wed, Sep 16th 2015 7:17a   Darren Duke
OK, so I know I said IBM were dropping the ball on 9.0.2 but the Domino security team have been knocking the ball out of the park lately (IBM, don't ignore security again.....just saying). Anyhow, yesterday was HSTS, today I give you OCSP Stapling in Domino. Again the crowds ask, "WTF?"....Via Wikipedia (and, yes a bit yawny....): OCSP stapling, formally known as the TLS Certificate Status Request extension, is an alternative approach to the Online Certificate Status Protocol (OCSP) f
15
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 9:53a   Darren Duke
I didn't see this initially (RTFM Darren....RTFM....). HTTPS Strict Transport Security (HSTS).....what's that? I call on the all knowing Wikipedia for a short answer...... It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,and never via the insecure HTTP protocol Basically it prevents some downgrade attacks, some man in the middle attacks and some cookie hijacking attacks. Now you've b
7
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 8:53a   Darren Duke
I didn't see this initially (RTFM Darren....RTFM....). HTTPS Strict Transport Security (HSTS).....what's that? I call on the all knowing Wikipedia for a short answer...... It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,and never via the insecure HTTP protocol Basically it prevents some downgrade attacks, some man in the middle attacks and some cookie hijacking attacks. Now you
8
Domino adds HSTS to it’s security arsenal
Tue, Sep 15th 2015 8:53a   Darren Duke
I didn't see this initially (RTFM Darren....RTFM....). HTTPS Strict Transport Security (HSTS).....what's that? I call on the all knowing Wikipedia for a short answer...... It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections,and never via the insecure HTTP protocol Basically it prevents some downgrade attacks, some man in the middle attacks and some cookie hijacking attacks. Now you




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition