This is the complete feature list:
Added support for TLS 1.0:
- Inbound and outbound connections
- Over all protocols (HTTP, SMTP, LDAP, POP3, IMAP & DIIOP)
- All platforms including support for IBM iSeries running System_SSL
- SSL/TLS Session resumption
- Client certificate authentication
- TLS protocol support for TLS_FALLBACK_SCSV Signaling Cipher Suite Value to protect browser clients that also support TLS_FALLBACK_SCSV against downgrade attacks.
- Will negotiate down from TLS 1.0 to SSLv3 if the other party does not support TLS 1.0. Note that protocol version *negotiation* is a different thing entirely from protocol *fallback*, as described in POODLE.
- The cipher suite list offered by Domino when making outbound connections has been re-ordered to place the AES ciphers first.
- Serviceability enhancements to make logging more thorough and easier to read and understand
- SSLv2
- SSL renegotiation has been disabled
- All weak (<128 bits) cipher suites have been disabled
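
To make the difference between version negotiation and fallback concrete, here is an added example (not IBM's or Domino's code) of the server-side TLS_FALLBACK_SCSV check from RFC 7507, run against constructed ClientHello bodies. It assumes a server that supports SSLv3 through TLS 1.0, as in the list above; the function names are hypothetical.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # RFC 7507 signaling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86   # RFC 7507 fatal alert
ALERT_PROTOCOL_VERSION = 70
SSL3, TLS10 = 0x0300, 0x0301
AES128_SHA = 0x002F                 # TLS_RSA_WITH_AES_128_CBC_SHA

def parse_client_hello(body: bytes):
    """Return (client_version, [cipher suites]) from a ClientHello body."""
    if len(body) < 35:
        raise ValueError("truncated ClientHello")
    (version,) = struct.unpack_from("!H", body, 0)
    sid_len = body[34]              # after 2-byte version + 32-byte random
    off = 35 + sid_len
    if len(body) < off + 2:
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from("!H", body, off)
    off += 2
    if cs_len % 2 or len(body) < off + cs_len:
        raise ValueError("bad cipher suite list")
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, off))
    return version, suites

def server_decision(body: bytes, server_min=SSL3, server_max=TLS10):
    """Return ("version", v) or ("alert", code) for one ClientHello."""
    client_version, suites = parse_client_hello(body)
    # Fallback: the SCSV marks a retry at a lower version than the client
    # really supports. If the server could have done better, refuse.
    if TLS_FALLBACK_SCSV in suites and client_version < server_max:
        return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
    # Negotiation: pick the highest version both sides support.
    chosen = min(client_version, server_max)
    if chosen < server_min:
        return ("alert", ALERT_PROTOCOL_VERSION)
    return ("version", chosen)

def make_hello(version, suites):
    """Constructed ClientHello body: zero random, empty session id."""
    return (struct.pack("!H", version) + bytes(32) + b"\x00"
            + struct.pack("!H", 2 * len(suites))
            + struct.pack("!%dH" % len(suites), *suites))

if __name__ == "__main__":
    print(server_decision(make_hello(SSL3, [AES128_SHA])))                     # SSLv3-only peer
    print(server_decision(make_hello(SSL3, [AES128_SHA, TLS_FALLBACK_SCSV])))  # downgraded retry
```

An SSLv3-only peer is still served through ordinary negotiation, while a retry at SSLv3 that carries the SCSV is rejected because the server could have spoken TLS 1.0.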
Here is a link to the wiki article for the TLS fix.
SHA-2 support was added through a new command-line tool named Kyrtool, which can handle SHA-2 requests and import SHA-2 certificates into Domino kyr files.
This tool works only with Domino 9.01 FP2 IF1 and 9.0 IF6, so here you have another reason to upgrade your Domino environment to 9 if you are still on an older release!