TLS 1.2 support in Domino 9.0.1 Fix Pack 3 Interim Fix 2

by Volker Weber

Domino 9.0.1FP3IF2 — that's short for "Domino 9.0.1 Fix Pack 3 Interim Fix 2 (released March 27, 2015)" — introduces TLS 1.2 support. That is both important and overdue. Installing the Interim Fix is not enough. Daniel explains what settings need to be changed. It's complicated.

Comments

Extremely overdue.
Looks like IBM finally woke up.

Manfred Wiktorin, 2015-03-31

And the IHS support in Domino 9 is called deprecated now. Fun for all those customers who recently migrated their SSL certificates from Domino kyr to IHS kdb and now can do the same in the opposite direction.

Oliver Regelmann, 2015-03-31

IHS is a bag of hurt. So I doubt that many customers would miss it.

Manfred Wiktorin, 2015-03-31

For people not in the know: nginx is a free and excellent alternative to IHS available for quite some time. It also does a lot more, and frees up Domino resources.

Google nginx and Domino to find the articles about how to set it up.

Lars Berntrop-Bos, 2015-04-01

Well it's not like Microsoft Exchange did a lot better: just a few days ago Cumulative Update 8 finally removed a hard-coded restriction that forced unsecure (SSLv3 or TLS1.0) email transportation...

http://support.microsoft.com/en-us/kb/3045301 (SMTP is not transported over TLS 1.1 or TLS 1.2 protocol in an Exchange Server 2013 environment)

Ralf ter Veer, 2015-04-01

Broken link. The link to Daniel's blog post has a typo in the URL. "fp2" instead of "fp3". Once I changed that, it worked.

Scott Vrusho, 2015-04-01

Thanks, Scott. Fixed. As you can imagine, I don't type URLs but copy them. Looks like Daniel changed a typo in the header which then changed the URL. All good now.

Volker Weber, 2015-04-01

Sorry, I tried to just change the typo in the text, but it also changed the link ...
There are more postings about the fixes and there are also new Wiki entries posted on the IBM Domino Wiki. I have updated my posts with that info as well.

And there is a presentation I did at the Engage conference with some more details.

@Lars, not all options of the nginx solution are free. But it is a good product.
If you are running SMTP TLS Extension you might not have a proxy in front of your server and need the new TLS fixes.


-- Daniel

Daniel Nashed, 2015-04-02
