Solved

Domino not switching to TLS 1.0

Posted on 2015-02-03
4
783 Views
Last Modified: 2015-02-04
We need to do HTTPS on our Domino 8.5.2 servers.
Browsers no longer support SSL3.0
IBM indicates that Fix Pack 4 handles the "Poodle" issue: forcing TLS 1.0
We upgraded our server with lotus_domino852FP4.exe downloaded from IBM.
Problem:  it still doesn't work.  It looks like Domino HTTP is not forcing a switch to TLS 1.0.
All browsers (IE, Firefox, Chrome) report errors.  For example:
IE:  This page can’t be displayed.  Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.10.96  again. If this error persists, contact your site administrator. --> TLS 1.0 is on.

So it looks like the "fix" didn't take.  Or is there another configuration I missed.
0
Comment
Question by:FKoutchouk
  • 2
  • 2
4 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
ID: 40587602
I suppose you followed the guidelines on this page: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0 and you downloaded 8.5.2 Fix Pack 4 Interim Fix 3. Correct?

Firefox is TLS enabled, so it seems, but you could maybe get more info using Force-TLS, see https://addons.mozilla.org/en-US/firefox/addon/force-tls/
0
 
LVL 1

Author Comment

by:FKoutchouk
ID: 40587668
Right on.  I loaded FP4... turns out I needed FP4 plus the FP4 Interim Fix3.  How in the world would anyone know that the FP4 downloaded from IBM did not contain, ah, fixes?!  Perhaps calling it FP5 would have confused the outside world a touch less!
In any case, thanks.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 40588106
"Oh no, oh nonononono.... Can't do that, sir, there's one FP every 4 months, so if there are big bugs we can't call it an FP. Oh no. That's an Interim Fix, see, and at the end of our 4 months we'll include the IF in the FP. Otherwise we'd have FPs all over the place. Would be bad, wouldn't it?"

Thanks! ;-)
0
 
LVL 1

Author Comment

by:FKoutchouk
ID: 40588371
Nice insight.  Though, one would have expected an FP5 at the next scheduled FP release, perhaps identical to the FP4 Fix 3.  Logic in blue, I gather!
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

IBM Notes offer Encryption feature using which the user can secure its NSF emails or entire database easily. In this section we will discuss about the process to Encrypt Incoming and Outgoing Mails in depth.
This article covers general Notes 8.5 troubleshooting information including recreating the Notes\Data folder.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now