TLS 1.2 support in Domino 9.0.1 Fix Pack 3 Interim Fix 2

by Volker Weber

Domino 9.0.1FP3IF2 — that's short for "Domino 9.0.1 Fix Pack 3 Interim Fix 2 (released March 27, 2015)" — introduces TLS 1.2 support. That is both important and overdue. Installing the Interim Fix is not enough. Daniel explains what settings need to be changed. It's complicated.

Comments

Extremely overdue.
Looks like IBM finally woke up.

Manfred Wiktorin, 2015-03-31

And the IHS support in Domino 9 is called deprecated now. Fun for all those customers who recently migrated their SSL certificates from Domino kyr to IHS kdb and now can do the same in the opposite direction.

Oliver Regelmann, 2015-03-31

IHS is a bag of hurt. So i doubt that many customers would miss it.

Manfred Wiktorin, 2015-03-31

for people not in the know: nginx is a free and excellent alternative to IHS available for quite some time. It also does a lot more, and frees up Domino resources.

Google nginx and Domino to find the articles about how to set it up.

Lars Berntrop-Bos, 2015-04-01

Well it's not like Microsoft Exchange did a lot better: just a few days ago Cumulative Update 8 finally removed a hard-coded restriction that forced unsecure (SSLv3 or TLS1.0) email transportation...

http://support.microsoft.com/en-us/kb/3045301 (SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2013 environment)

Ralf ter Veer, 2015-04-01

Broken link. The link to Daniel's blog post has a typo in the URL. "fp2" instead of "fp3". Once I changed that, it worked.

Scott Vrusho, 2015-04-01

Thanks, Scott. Fixed. As you can imagine, I don't type URLs but copy them. Looks like Daniel changed a typo in the header which then changed the URL. All good now.

Volker Weber, 2015-04-01

Sorry I tried to just change the typo in the text but it also changed the link ...
There are more postings about the fixes and there are also new Wiki entries posted on the IBM Domino Wiki. I have updated my posts with that info as well.

And there is a presentation I did at Engage conference with some more details.

@Lars, not all options of the nginx solution are free. But it is a good product.
If you are running SMTP TLS Extension you might not have a proxy in front of your server and need the new TLS fixes.


-- Daniel

Daniel Nashed, 2015-04-02

Recent comments

Roland Dressler on Lange erwartet :: Neue AirPods at 10:43
Arne Sigurd Rognan Nielsen on Now is a good time to buy a new iMac at 10:40
Frank Köhler on Lange erwartet :: Neue AirPods at 18:55
Jochen Schug on Lange erwartet :: Neue AirPods at 17:28
Michael Hertlein on Lange erwartet :: Neue AirPods at 16:52
Friedrich Holstein on Lange erwartet :: Neue AirPods at 16:41
Volker Weber on Lange erwartet :: Neue AirPods at 14:43
Michael Hertlein on Lange erwartet :: Neue AirPods at 13:44
Stefan Kremer on Lange erwartet :: Neue AirPods at 12:44
Volker Weber on Invoxia Triby :: Ein starker Zwerg at 10:44
Frank Köhler on Lange erwartet :: Neue AirPods at 21:00
Sven Bühler on Lange erwartet :: Neue AirPods at 20:44
Dominique Roller on Lange erwartet :: Neue AirPods at 20:05
Martin Kirchler on Lange erwartet :: Neue AirPods at 16:12
Volker Weber on Lange erwartet :: Neue AirPods at 16:06
Roland Dressler on Lange erwartet :: Neue AirPods at 15:31
Dietmar Liehr on Gestern in der Tagesschau at 12:55
Torsten Armbruster on Invoxia Triby :: Ein starker Zwerg at 12:49
Markus Dierker on Invoxia Triby :: Ein starker Zwerg at 12:06
Volker Weber on Now is a good time to buy a new iMac at 11:28
Axel Borschbach on Now is a good time to buy a new iMac at 11:24
Maik Endler on Orientierung im iPad-Angebot at 09:34
Volker Weber on Gestern in der Tagesschau at 09:12
Manfred Wiktorin on Gestern in der Tagesschau at 09:09
Rafael Mayoral on Orientierung im iPad-Angebot at 07:33

Ceci n'est pas un blog

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.

vowe

Contact
Publications
Stuff that works
Amazon Wish List
Frequently Asked Questions

rss feed  twitter  amazon

Local time is 10:58

visitors.gif

buy me coffee

Paypal vowe