Solved

Domino not switching to TLS 1.0

Posted on 2015-02-03
4
823 Views
Last Modified: 2015-02-04
We need to do HTTPS on our Domino 8.5.2 servers.
Browsers no longer support SSL3.0
IBM indicates that Fix Pack 4 handles the "Poodle" issue: forcing TLS 1.0
We upgraded our server with lotus_domino852FP4.exe downloaded from IBM.
Problem:  it still doesn't work.  It looks like Domino HTTP is not forcing a switch to TLS 1.0.
All browsers (IE, Firefox, Chrome) report errors.  For example:
IE:  This page can’t be displayed.  Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://192.168.10.96  again. If this error persists, contact your site administrator. --> TLS 1.0 is on.

So it looks like the "fix" didn't take.  Or is there another configuration I missed.
0
Comment
Question by:Francois Koutchouk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 46

Accepted Solution

by:
Sjef Bosman earned 500 total points
ID: 40587602
I suppose you followed the guidelines on this page: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/IBM_Domino_TLS_1.0 and you downloaded 8.5.2 Fix Pack 4 Interim Fix 3. Correct?

Firefox is TLS enabled, so it seems, but you could maybe get more info using Force-TLS, see https://addons.mozilla.org/en-US/firefox/addon/force-tls/
0
 
LVL 1

Author Comment

by:Francois Koutchouk
ID: 40587668
Right on.  I loaded FP4... turns out I needed FP4 plus the FP4 Interim Fix3.  How in the world would anyone know that the FP4 downloaded from IBM did not contain, ah, fixes?!  Perhaps calling it FP5 would have confused the outside world a touch less!
In any case, thanks.
0
 
LVL 46

Expert Comment

by:Sjef Bosman
ID: 40588106
"Oh no, oh nonononono.... Can't do that, sir, there's one FP every 4 months, so if there are big bugs we can't call it an FP. Oh no. That's an Interim Fix, see, and at the end of our 4 months we'll include the IF in the FP. Otherwise we'd have FPs all over the place. Would be bad, wouldn't it?"

Thanks! ;-)
0
 
LVL 1

Author Comment

by:Francois Koutchouk
ID: 40588371
Nice insight.  Though, one would have expected an FP5 at the next scheduled FP release, perhaps identical to the FP4 Fix 3.  Logic in blue, I gather!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

You’ve got a lotus Domino web server, and you have been told that “leverage browser caching” is a must do. This means that we have to tell the browser everywhere in the web to use cache. In other words, we set (and send) an expiration date in the HT…
I thought it will be a good idea to make a post as it will help in case someone else faces these issues. I trust this gives an idea how each entry in Notes.ini can mean a lot for the Domino Server to be functioning properly. This article discusses t…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question