Another week, another SSL/TLS security vulnerability. This one is termed Logjam (read about it here http://www.theregister.co.uk/2015/05/20/logjam_johns_hopkins_cryptoboffin_ids_next_branded_bug).

Luckily, a site has already been created to test your web servers; it is available at https://weakdh.org/sysadmin.html.

A quick test of a Domino 9.0.1 server with the latest FP & IF and the perfect forward secrecy server-side notes.ini settings enabled (see this previous blog post for those settings) gives this result:

Image:Good news - Domino (at least 9.0.1) does not seem to be affected by the LogJam TLS vuln

Using my free Apache reverse proxy you'll get this (which is slightly better as Domino doesn't support ECDHE):

Image:Good news - Domino (at least 9.0.1) does not seem to be affected by the LogJam TLS vuln

Either way, using the latest version of Domino with the right cipher list you should be OK. Again I ask... when will Domino get ECDHE? I don't think this is a "nice to have" any longer.
Darren Duke | May 20 2015 02:06:44 PM | domino security ssl

Comments (1)

1 - Charles Reid       06/04/2015 8:15:08 AM

Thanks for the info, great job.