?
Solved

Domino not switching to TLS 1.0

Posted on 2015-02-03
4
Medium Priority
?
863 Views
Last Modified: 2015-02-04
We need to do HTTPS on our Domino 8.5.2 servers.
Browsers no longer support SSL3.0
IBM indicates that Fix Pack 4 handles the "Poodle" issue: forcing TLS 1.0
We upgraded our server with lotus_domino852FP4.exe downloaded from IBM.
Problem:  it still doesn't work.  It looks like Domino HTTP is not forcing a switch to TLS 1.0.
All browsers (IE, Firefox, Chrome) report errors.  For example:
IE:  This page can’t be displayed.  Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.10.96  again. If this error persists, contact your site administrator. --> TLS 1.0 is on.

So it looks like the "fix" didn't take.  Or is there another configuration I missed.
0
Comment
Question by:Francois Koutchouk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 2000 total points
ID: 40587602
I suppose you followed the guidelines on this page: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0 and you downloaded 8.5.2 Fix Pack 4 Interim Fix 3. Correct?

Firefox is TLS enabled, so it seems, but you could maybe get more info using Force-TLS, see https://addons.mozilla.org/en-US/firefox/addon/force-tls/
0
 
LVL 2

Author Comment

by:Francois Koutchouk
ID: 40587668
Right on.  I loaded FP4... turns out I needed FP4 plus the FP4 Interim Fix3.  How in the world would anyone know that the FP4 downloaded from IBM did not contain, ah, fixes?!  Perhaps calling it FP5 would have confused the outside world a touch less!
In any case, thanks.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 40588106
"Oh no, oh nonononono.... Can't do that, sir, there's one FP every 4 months, so if there are big bugs we can't call it an FP. Oh no. That's an Interim Fix, see, and at the end of our 4 months we'll include the IF in the FP. Otherwise we'd have FPs all over the place. Would be bad, wouldn't it?"

Thanks! ;-)
0
 
LVL 2

Author Comment

by:Francois Koutchouk
ID: 40588371
Nice insight.  Though, one would have expected an FP5 at the next scheduled FP release, perhaps identical to the FP4 Fix 3.  Logic in blue, I gather!
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For users on the Lotus Notes 8 Standard client, this article provides information on checking the Java Heap size and adjusting it to half of your system RAM in attempt to get the Lotus Notes 8.x Standard client to run faster.  I've had to exercise t…
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question