Below you can see the complete change log of fix for Domino
|IBMi:TLS1.2 support for system SSL on IBM i Domino
|TLS 1.2 Client handshake request rejected by Server if server certificate chain signature type not supported by the client
|TLS 1.2 Notes / Domino as a TLS client rejects handshake with server if no common signature algorithm available
|Remove RC4-SHA from the default cipher list for TLS 1.2
|Crash Problem in kyr caching
|Implement HSTS (Http Strict Transport Security).This header informs supported browsers that the site should only be accessed over an SSL-protected connection (HTTPS)
|Add IP Information to HTTP Thread logs for SSL Handshake connections
|Passing a directory to kyrtool will crash the tool
|kyrtool import all sometimes reports SECIssUpdateKeyringPrivateKey returned error 0x0720, AVA separator not found or Syntax error in OID when a \ is in a certificate name part
|Add more detailed logging for SSL/TLS connections to help diagnose failed connections.
|New notes.ini SSL_DISABLE_TLS_10 to support Disabling TLS1.0 for compliance reasons. Used in conjunction with existing DISABLE_SSLV3=1 allows you to limit communication to TLS 1.2 only for protocols: HTTP, SMTP, LDAP, POP3 & IMAP
|Added SHA-256 cipher specs for increased security with TLS 1.2
|Added Advanced Encryption Standard (AES) Galois/Counter Mode for increased security with TLS 1.2
|Added Perfect Forward Secrecy (PFS) via Ephemeral Diffie-Hellman (DHE) cipher specs for SSL/TLS
|Notes / Domino Support for TLS 1.2 (Transport Layer Security 1.2) with protocols: HTTP, SMTP, LDAP, POP3 & IMAP
|Add pinning to SHA-256 for TLS 1.2
|Namelookup retrieval via remote LDAP does not retrieve correct attributes
|Administrator Client Shows Wrong File Sizes of database with DAOS size>0 After Server Restart
In this page you can find also the change log for Notes and all the download links.
If you have configured any internet protocol on your server , plan the upgrade to this IF soon as possible !