May 20 2015 Wednesday
Good news - Domino (at least 9.0.1) does not seem to be affected by the LogJam TLS vuln
Another week, another SSL/TLS security vulnerability. This one is termed Logjam (read about it here http://www.theregister.co.uk/2015/05/20/logjam_johns_hopkins_cryptoboffin_ids_next_branded_bug).
Luckily, a site has already been created to test your web servers; it is available at https://weakdh.org/sysadmin.html.
Running a quick test against a Domino 9.0.1 server with the latest FP & IF and the perfect forward secrecy server-side notes.ini settings enabled (see this previous blog post for those settings) gives this result:
Using my free Apache reverse proxy you'll get this (which is slightly better as Domino doesn't support ECDHE):
Either way, using the latest version of Domino with the right cipher list you should be OK. Again I ask... when will Domino get ECDHE? I don't think this is a "nice to have" any longer.
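To repeat the check from a shell instead of the web tester, the function below (an added example, not part of the original post) classifies the `Server Temp Key` line that `openssl s_client` prints. The hostname and sample lines are constructed, and the thresholds assume the weakdh.org guidance of 2048-bit DH groups.

```bash
# Added example: classify the ephemeral key an `openssl s_client` handshake reports.
# Live use (host is a placeholder; -tls1_2 keeps TLS 1.3 from bypassing -cipher):
#   openssl s_client -connect mail.example.com:443 -tls1_2 -cipher EDH \
#       </dev/null 2>/dev/null | logjam_verdict
# Thresholds: 512-bit groups are export grade, below 2048 bits is weaker than
# the weakdh.org recommendation, ECDHE is not affected by Logjam.

logjam_verdict() {
    # Read s_client output on stdin; print one verdict line.
    key=$(sed -n 's/^Server Temp Key: *//p' | head -n 1)
    case "$key" in
        "")
            # No ephemeral key reported: DHE was not negotiated.
            echo "NO_DHE" ;;
        DH,*)
            bits=$(printf '%s\n' "$key" | sed -n 's/^DH, *\([0-9][0-9]*\) bits.*$/\1/p')
            if [ -z "$bits" ]; then
                echo "UNKNOWN $key"
            elif [ "$bits" -le 512 ]; then
                echo "EXPORT_GRADE_DH $bits"
            elif [ "$bits" -lt 2048 ]; then
                echo "WEAK_DH $bits"
            else
                echo "OK_DH $bits"
            fi ;;
        ECDH,*|X25519,*|X448,*)
            echo "OK_ECDHE" ;;
        *)
            echo "UNKNOWN $key" ;;
    esac
}

# Constructed sample lines in the format OpenSSL 1.0.2+ prints (not real scan output).
for sample in \
    'Server Temp Key: DH, 512 bits' \
    'Server Temp Key: DH, 1024 bits' \
    'Server Temp Key: DH, 2048 bits' \
    'Server Temp Key: ECDH, P-256, 256 bits'
do
    printf '%-42s -> %s\n' "$sample" "$(printf '%s\n' "$sample" | logjam_verdict)"
done
```

A `NO_DHE` verdict with `-cipher EDH` means the server refused every DHE suite, which also leaves nothing for a Logjam downgrade to target.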
Thanks for the info, great job.