TLS 1.2 support in Domino 9.0.1 Fix Pack 3 Interim Fix 2

by Volker Weber

Domino 9.0.1FP3IF2 — that's short for "Domino 9.0.1 Fix Pack 3 Interim Fix 2 (released March 27, 2015)" — introduces TLS 1.2 support. That is both important and overdue. Installing the Interim Fix is not enough. Daniel explains what settings need to be changed. It's complicated.


Extremely overdue.
Looks like IBM finally woke up.

Manfred Wiktorin, 2015-03-31 11:17

And the IHS support in Domino 9 is called deprecated now. Fun for all those customers who recently migrated their SSL certificates from Domino kyr to IHS kdb and now can do the same in the opposite direction.

Oliver Regelmann, 2015-03-31 13:19

IHS is a bag of hurt. So i doubt that many customers would miss it.

Manfred Wiktorin, 2015-03-31 15:02

for people not in the know: nginx is a free and excellent alternative to IHS available for quite some time. It also does a lot more, and frees up Domino resources.

Google nginx and Domino to find the articles about how to set it up.

Lars Berntrop-Bos, 2015-04-01 01:53

Well it's not like Microsoft Exchange did a lot better: just a few days ago Cumulative Update 8 finally removed a hard-coded restriction that forced unsecure (SSLv3 or TLS1.0) email transportation... (SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2013 environment)

Ralf ter Veer, 2015-04-01 16:21

Broken link. The link to Daniel's blog post has a typo in the URL. "fp2" instead of "fp3". Once I changed that, it worked.

Scott Vrusho, 2015-04-01 20:37

Thanks, Scott. Fixed. As you can imagine, I don't type URLs but copy them. Looks like Daniel changed a typo in the header which then changed the URL. All good now.

Volker Weber, 2015-04-01 20:40

Sorry I tried to just change the typo in the text but it also changed the link ...
There are more postings about the fixes and there are also new Wiki entries posted on the IBM Domino Wiki. I have updated my posts with that info as well.

And there is a presentation I did at Engage conference with some more details.

@Lars, not all options of the nginx solution are free. But it is a good product.
If you are running SMTP TLS Extension you might not have a proxy in front of your server and need the new TLS fixes.

-- Daniel

Daniel Nashed, 2015-04-02 18:32

Recent comments

Stefano Benassi on DNUGcomes2me at 13:10
Oliver Regelmann on Notes/Domino: Neues Leben für die Kollaborationsplattform at 22:54
Stuart McKay on DNUGcomes2me at 22:10
Hubert Stettner on Lindt :: Oh yeah at 20:20
Volker Weber on Notes/Domino: Neues Leben für die Kollaborationsplattform at 16:30
Markus Dierker on Notes/Domino: Neues Leben für die Kollaborationsplattform at 16:21
Mark Barton on DNUGcomes2me at 14:37
Lutz Haller on DNUGcomes2me at 14:08
Volker Weber on Lindt :: Oh yeah at 11:52
Andrew Magerman on Lindt :: Oh yeah at 11:02
Lars Berntrop-Bos on Lindt :: Oh yeah at 08:32
Ragnar Schierholz on Lindt :: Oh yeah at 22:42
Stephan H. Wissel on DNUGcomes2me at 17:34
Volker Weber on DNUGcomes2me at 12:05
Henning Heinz on DNUGcomes2me at 10:01
Markus Dierker on DNUGcomes2me at 08:21
Axel Koerv on #dnug45 im darmstadtium at 19:52
Volker Weber on Elgato Eve Flare :: Erste Eindrücke at 19:18
Thomas Cloer on Elgato Eve Flare :: Erste Eindrücke at 17:34
Jochen Kattoll on Sonos, AirPods, Plantronics. Und Podcasts. at 12:40
Stephan Perthes on Elgato Eve Flare :: Erste Eindrücke at 10:49
Oswald Prucker on #dnug45 im darmstadtium at 10:17
Volker Weber on #dnug45 im darmstadtium at 09:44
Ingo Spichal on #dnug45 im darmstadtium at 09:14
Hendrik Brunn on Elgato Eve Flare :: Erste Eindrücke at 23:23

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter amazon

Local time is 02:42


buy me coffee