December 12 2014 Friday
How to disable SSLv3 in Domino
In my POODLE TLS post from a few days back, there was a comment asking how to fully disable SSLv3 in Domino. You'll notice in the comments I mention that there is a way but at the time it was under NDA. Well, apparently not anymore....
Now, fair warning this may not yet be supported by IBM so if you choose to do this, you do it at your own risk (while under NDA on this, it was stated that it is unsupported so YMMV).
According to this post on the Domino wiki, you can use this server notes.ini setting to fully disable SSLv3 but still keep TLS working:
DEBUG_UNSUPPORTED_DISABLE_SSLV3=17
If you need this, test it before you put it into production. I have not yet done this, but everyone I know that has has had no issues so far. Again YMMV.
Darren Duke | December 12 2014 06:39:06 AM | domino tls ssl poodle security
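One way to run the test the post recommends, as an added example (not from the original post or from IBM): a Python script that sends a ClientHello capped at SSL 3.0 and reports whether the server accepts it, then checks that SMTP still advertises STARTTLS, the regression reported in the comments. The function names, cipher list and sample bytes are assumptions made for the illustration.

```python
import smtplib
import socket
import struct
import sys

SSLV3 = b"\x03\x00"
# Constructed sample replies (not captured from a real server):
SAMPLE_ALERT = bytes.fromhex("15030000020228")                 # fatal handshake_failure alert
SAMPLE_SERVER_HELLO = bytes.fromhex("160300002a020000260300")  # start of an SSL 3.0 ServerHello

def build_sslv3_client_hello():
    """ClientHello whose highest offered version is SSL 3.0 (no TLS, no extensions)."""
    # RSA suites with AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA (assumed list)
    ciphers = struct.pack(">4H", 0x002F, 0x0035, 0x000A, 0x0005)
    body = SSLV3 + bytes(32) + b"\x00"              # version, fixed random, empty session id
    body += struct.pack(">H", len(ciphers)) + ciphers
    body += b"\x01\x00"                             # one compression method: null
    hello = b"\x01" + len(body).to_bytes(3, "big") + body   # handshake type 1, 24-bit length
    return b"\x16" + SSLV3 + struct.pack(">H", len(hello)) + hello

def classify_reply(reply):
    """Interpret the first bytes the server sends back to the SSL 3.0 hello."""
    if not reply or reply[0] == 0x15:               # closed connection or alert record
        return "rejected"
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:
        # bytes 9..10 hold server_version inside the ServerHello
        return "sslv3-accepted" if reply[9:11] == SSLV3 else "unexpected-version"
    return "unknown"

def probe_sslv3(host, port=443, timeout=5.0):
    """Send the SSL 3.0-only hello to host:port and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_sslv3_client_hello())
        try:
            return classify_reply(sock.recv(4096))
        except ConnectionResetError:
            return "rejected"

def smtp_offers_starttls(host, port=25, timeout=10.0):
    """True if the server's EHLO reply still lists STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        return smtp.has_extn("starttls")

if __name__ == "__main__":
    host = sys.argv[1]                              # your own Domino server
    print("HTTPS SSLv3:", probe_sslv3(host))
    print("SMTP STARTTLS offered:", smtp_offers_starttls(host))
```

Run it against a test server before and after adding the notes.ini line; the expected change is "sslv3-accepted" becoming "rejected" while STARTTLS stays offered.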
Comments (4)
While I'm whining about things, "http://simplified-tech.com/" works but "http://www.simplified-tech.com/" does not.
@Craig, I did say test right? ;)
As for the site, thanks for the heads up. We lost a server last week and the DNS for www was missed as it seems GoDaddy has now decided paged, non-alphabetical "A" records listing is a good idea. Should be fixed in a few hours.
I did say test... ;-) I merely report the results of my testing.
This INI setting apparently disables SMTP TLS. With that setting, I get "Your server's response did not include "250-STARTTLS" indicating TLS support." from SMTP SSL/TLS settings test sites.