?
Solved

Domino not switching to TLS 1.0

Posted on 2015-02-03
4
Medium Priority
?
921 Views
Last Modified: 2015-02-04
We need to do HTTPS on our Domino 8.5.2 servers.
Browsers no longer support SSL3.0
IBM indicates that Fix Pack 4 handles the "Poodle" issue: forcing TLS 1.0
We upgraded our server with lotus_domino852FP4.exe downloaded from IBM.
Problem:  it still doesn't work.  It looks like Domino HTTP is not forcing a switch to TLS 1.0.
All browsers (IE, Firefox, Chrome) report errors.  For example:
IE:  This page can’t be displayed.  Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.10.96  again. If this error persists, contact your site administrator. --> TLS 1.0 is on.

So it looks like the "fix" didn't take.  Or is there another configuration I missed.
0
Comment
Question by:Francois Koutchouk
  • 2
  • 2
4 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 2000 total points
ID: 40587602
I suppose you followed the guidelines on this page: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0 and you downloaded 8.5.2 Fix Pack 4 Interim Fix 3. Correct?

Firefox is TLS enabled, so it seems, but you could maybe get more info using Force-TLS, see https://addons.mozilla.org/en-US/firefox/addon/force-tls/
0
 
LVL 2

Author Comment

by:Francois Koutchouk
ID: 40587668
Right on.  I loaded FP4... turns out I needed FP4 plus the FP4 Interim Fix3.  How in the world would anyone know that the FP4 downloaded from IBM did not contain, ah, fixes?!  Perhaps calling it FP5 would have confused the outside world a touch less!
In any case, thanks.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 40588106
"Oh no, oh nonononono.... Can't do that, sir, there's one FP every 4 months, so if there are big bugs we can't call it an FP. Oh no. That's an Interim Fix, see, and at the end of our 4 months we'll include the IF in the FP. Otherwise we'd have FPs all over the place. Would be bad, wouldn't it?"

Thanks! ;-)
0
 
LVL 2

Author Comment

by:Francois Koutchouk
ID: 40588371
Nice insight.  Though, one would have expected an FP5 at the next scheduled FP release, perhaps identical to the FP4 Fix 3.  Logic in blue, I gather!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lack of Storage capacity is a common problem that exists in every field of life. Here we are taking the case of Lotus Notes Emails, as we all know that we are totally depend on e-communication i.e. Emails. This article is fully dedicated to resolvin…
IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month15 days, 14 hours left to enroll

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question