So in October of 2014 I wrote about the upcoming TLS (Transport Layer Security) enhancements that IBM was planning to bring to IBM Domino as part of the industry-wide panic about the POODLE attack, which I still consider mainly theoretical. I was a bit critical towards IBM as they chose to patch their seriously lacking SSL v. 1.3 implementation and implement TLS v. 1.0 on top of IBM Domino v. 9.0.x ("IBM Domino, POODLE, SHA-1 and why it’s also sad when IBM decides to update the security stack"). The reason I was critical was that I thought that you either take security seriously and bring the stack to the front of the line (TLS v. 1.2, v. 1.3 in draft) or get out of the game.
Since then I have been pleasantly surprised to hear about the initiatives IBM has going on. At IBM ConnectED 2015 I attended a very nice session by David Kern from IBM and Daniel Nashed (IBM Business Partner) on the TLS and security improvements planned for IBM Domino. Among others were massive cipher suite updates, incl. upcoming support for Diffie-Hellman and perfect forward secrecy. Cool stuff! Yesterday I was very pleased to see that IBM has now announced support for TLS v. 1.2 coming in Q1/Q2 of 2015 (the technote is a bit confusing as to when it will be out).
So all appears to be good and IBM is moving in the right direction with this. Very nice.
One thought on “IBM announce dates for bringing TLS v. 1.2 to IBM Domino”
That's good news, as there's some rumor that TLS 1.0 won't be secure in the near future as well.
As I understand the technote, there'll be an interim fix for FP3 in Q1 2015 and this interim fix will be included in Q2 2015 with FP4.
It's worth mentioning that "IBM plans to remove support for IBM HTTP Server (IHS) in a future Domino maintenance release". (http://www-01.ibm.com/support/docview.wss?uid=swg21697303)
So the TLS implementation in Domino 9.0.1 will shorten the lifetime of IHS, which was introduced in Domino 9. A very short life for this piece of software.