Saturday, March 28, 2015

IBM Domino 9.0.1 IF2 available with TLS 1.2 !

IBM has released on fixcentral the new IF2 for Domino 9.0.1 FP3 and IF3 for Notes 9.0.1 FP3 with some fixes and the implementation of  TLS 1.2 !!

Below you can see the complete  change log of fix for Domino

LCHG9UPBFM IBMi:TLS1.2 support for system SSL on IBM i Domino
KLYH9URNFY TLS 1.2 Client handshake request rejected by Server if server certificate chain signature type not supported by the client
KLYH9URNJH TLS 1.2 Notes / Domino as a TLS client rejects handshake with server if no common signature algorithm available
KLYH9UQJQN Remove RC4-SHA from the default cipher list for TLS 1.2
KLYH9UPMR7 Crash Problem in kyr caching
RKUR9PEDEB Implement HSTS (Http Strict Transport Security).This header informs supported browsers that the site should only be accessed over an SSL-protected connection (HTTPS)
RGET9TSMKD Add IP Information to HTTP Thread logs for SSL Handshake connections
MKIN9QHT5W Passing a directory to kyrtool will crash the tool
DKEN9RVQGD kyrtool import all sometimes reports SECIssUpdateKeyringPrivateKey returned error 0x0720, AVA separator not found or Syntax error in OID when a \ is in a certificate name part
DKEN9SSUR6 Add more detailed logging for SSL/TLS connections to help diagnose failed connections.
KLYH9UFNWH New notes.ini SSL_DISABLE_TLS_10 to support Disabling TLS1.0 for compliance reasons. Used in conjunction with existing DISABLE_SSLV3=1 allows you to limit communication to TLS 1.2 only for protocols: HTTP, SMTP, LDAP, POP3 & IMAP
KLYH9QKTGH Added SHA-256 cipher specs for increased security with TLS 1.2
KLYH9QKTED Added Advanced Encryption Standard (AES) Galois/Counter Mode for increased security with TLS 1.2
KLYH9QKTBL Added Perfect Forward Secrecy (PFS) via Ephemeral Diffie-Hellman (DHE) cipher specs for SSL/TLS
KLYH9QKT4B Notes / Domino Support for TLS 1.2 (Transport Layer Security 1.2) with protocols: HTTP, SMTP, LDAP, POP3 & IMAP
KLYH9UBNGW Add pinning to SHA-256 for TLS 1.2
RMAS9PFRHP Namelookup retrieval via remote LDAP does not retrieve correct attributes
HCHC9GG66F Administrator Client Shows Wrong File Sizes of database with DAOS size>0 After Server Restart

In this page you can find also the change log for Notes and all the download links.
If you have configured  any internet protocol on your server , plan the upgrade to this IF soon as possible !

No comments:

Post a Comment