IBM Support

TLS 1.2 deliveries for IBM Notes & Domino 9.x

Technote (FAQ)


Question

What are IBM's plans for Notes and Domino support of TLS 1.2?

Answer

As a follow-up to the TLS 1.0 deliveries IBM released in Q4 2014, IBM released TLS 1.2 deliveries in Q1 2015. The TLS 1.2 protocol enhancements are introduced in Interim Fix 2 for Domino 9.0.1 Fix Pack 3 and in Interim Fix 3 for Notes 9.0.1 Fix Pack 3. Download links and specific SPRs addressed in these Interim Fixes may be found at the following link:

The same content was released in Notes & Domino 9.0.1 Fix Pack 4 in June 2015. TLS 1.2 will not be available for 8.5.x releases since the TLS 1.2 specification requires updated cryptographic libraries that are available only in Domino 9.0 and above.


DIIOP and ISpy will support TLS in the upcoming 9.0.1 Fix Pack 5 which currently is due for release in Q4 2015 ( click here to monitor status). Releases prior to 9.0.1 FP5 do not support TLS and will not function if the notes.ini DISABLE_SSLV3=1 is set after the patch is applied. They will continue to work over SSLv3 as long as you do not disable SSLv3 or use a connection without SSL. All other protocols, including HTTP/HTTPS, LDAP/LDAPS, SMTP, IMAP, and POP3 are covered by this new patch. SPRs tracking open issues:

  • PJON9UBQMR - DIIOP connections over SSL fail if SSLv3 is disabled
  • ITDL9U329W - DIIOP task not working for SHA-2 certificates in Domino
  • SVRO9UZRQC - ISpy (runjava) fails to connect if SSLv3 is disabled

IBM is committed
to delivering a secure and reliable offering. It is our intention to continue to address general enhancements including security updates as is our general practice in our product development cycles or in our ongoing subscription updates.


IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.   Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Related information

What are IBM's plans surrounding IHS support in Domino?
Domino ISpy fails to connect leading to potential Out o
TLS Cipher Configuration
A simplified Chinese translation is available

Document information

More support for: IBM Domino
Security

Software version: 9.0, 9.0.1

Operating system(s): AIX, IBM i, Linux, Windows, z/OS

Software edition: All Editions

Reference #: 1697925

Modified date: 14 October 2015