Behold, the silence has ended... the crescendo that is IBM has finally lifted the veil on some fixes for some very large security holes... AFAIK these are native Domino fixes for all platforms. I'm unsure of the protocols supported; my understanding is all of them, but only time will tell.

These are not available yet, but should be in "weeks"...

First up is a fix for POODLE, outlined in Technote 1687167. This is coming to:
  • 9.0.1 FP2
  • 9.0
  • 8.5.3 FP6
  • 8.5.2 FP4
  • 8.5.1 FP5

I think that is every supported Domino platform.  

Second is SHA2 support and TLS 1.2 support, as outlined in Technote 1418982. This is coming to:
  • 9.x

This is great news; however, if you need TLS 1.2 or SHA2 on 8.5.x you are out of luck... but you can still use my reverse proxy for that scenario.

Darren Duke | October 21 2014 10:53:44 AM | domino security

Comments (3)

1 - Ray Bilyk    http://www.thepridelands.com    10/21/2014 11:18:29 AM

Forward progress!!!

2 - Vitor Pereira       10/21/2014 1:38:09 PM

"Second is SHA2 support and TLS 1.2 support" - TLS 1.2 is only with the IHS Proxy solution. In Domino they will only implement TLS 1.0 (15 years old) with the new fix.

3 - Darren Duke    http://blog.darrenduke.net    10/22/2014 4:37:43 AM

@1, You are right, there is no mention of TLS 1.2 in the technotes. I am working on clarification from IBM.