Monday, 30 March 2015

Notes 9.0.1 FP3 IF3 - TLS 1.2

IBM Notes 9.0.1 Fix Pack 3 Interim Fix 3 brings TLS (Transport Layer Security) 1.2 (with protocols HTTP, SMTP, LDAP, POP3 & IMAP) including new ciphers.
NOTE: To fully protect the Notes client from the POODLE attack, IBM recommends upgrading to Notes 9.0.1 Fix Pack 3 which combines the JVM SR16FP2 update plus all fixes included in 9.0.1 Fix Pack 2 Interim Fixes.

Downloads:
Notes 901 FP3 IF3 - W32 Basic
Notes 901 FP3 IF3 - W32 Standard

Fix List for Notes 9.0.1 Fix Pack 3 Interim Fix 3:

| SPR | Description |
| --- | --- |
| KLYH9UBNGW | Add pinning to SHA-256 for TLS 1.2 |
| KLYH9URNJH | TLS 1.2 Notes / Domino as a TLS client rejects handshake with server if no common signature algorithm available |
| KLYH9URNFY | TLS 1.2 Client handshake request rejected by Server if server certificate chain signature type not supported by the client |
| KLYH9UQJQN | Remove RC4-SHA from the default cipher list for TLS 1.2 |
| RKUR9PEDEB | Implement HSTS (HTTP Strict Transport Security). This header informs supported browsers that the site should only be accessed over an SSL-protected connection (HTTPS) |
| RGET9TSMKD | Add IP Information to HTTP Thread logs for SSL Handshake connections |
| MKIN9QHT5W | Passing a directory to kyrtool will crash the tool |
| DKEN9RVQGD | kyrtool import all sometimes reports "SECIssUpdateKeyringPrivateKey returned error 0x0720", "AVA separator not found" or "Syntax error in OID" when a '/' is in a certificate name part |
| DKEN9SSUR6 | Add more detailed logging for SSL/TLS connections to help diagnose failed connections |
| KLYH9UFNWH | New notes.ini SSL_DISABLE_TLS_10 to support disabling TLS 1.0 for compliance reasons. Used in conjunction with the existing DISABLE_SSLV3=1, it allows you to limit communication to TLS 1.2 only for protocols: HTTP, SMTP, LDAP, POP3 & IMAP |
| KLYH9QKTGH | Added SHA-256 cipher specs for increased security with TLS 1.2 |
| KLYH9QKTED | Added Advanced Encryption Standard (AES) Galois/Counter Mode for increased security with TLS 1.2 |
| KLYH9QKTBL | Added Perfect Forward Secrecy (PFS) via Ephemeral Diffie-Hellman (DHE) cipher specs for SSL/TLS |
| KLYH9QKT4B | Notes / Domino Support for TLS 1.2 (Transport Layer Security 1.2) with protocols: HTTP, SMTP, LDAP, POP3 & IMAP |
| HCHC9GG66F | Administrator Client Shows Wrong File Sizes of database with DAOS size>0 After Server Restart |
| IFAY9QZGKG | Getting Error When Using Google calendar Feeds |
| TTAN8YRHD9 | [WINDOWS ONLY] - Additional Time Zone For Salvador & Buenos Aires Shows Incorrect Time |
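
To check that a server's notes.ini really restricts the listed protocols to TLS 1.2 as SPR KLYH9UFNWH describes, the script below audits the two settings. It is an added example, not IBM's code; it assumes SSL_DISABLE_TLS_10 is enabled with the value 1 (by analogy with DISABLE_SSLV3=1), and the sample files and function names are constructed for illustration.

```python
# Added example: audit notes.ini text for the protocol settings named in the fix list.
# Assumption: SSL_DISABLE_TLS_10 is switched on with the value 1, like DISABLE_SSLV3=1.

# notes.ini key -> legacy protocol that stays enabled unless the key is set to 1
REQUIRED = {
    "DISABLE_SSLV3": "SSLv3",
    "SSL_DISABLE_TLS_10": "TLS 1.0",
}

def parse_notes_ini(text):
    """Return {UPPERCASE_KEY: [values, ...]}, keeping every occurrence of a key."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the [Notes] section header and anything that is not key=value.
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings.setdefault(key.strip().upper(), []).append(value.strip())
    return settings

def audit_tls_settings(text):
    """Return (legacy protocols still enabled, warnings about conflicting entries)."""
    settings = parse_notes_ini(text)
    still_enabled, warnings = [], []
    for key, protocol in REQUIRED.items():
        values = settings.get(key, [])
        if len(set(values)) > 1:
            warnings.append(f"{key} is set more than once with different values: {values}")
        # Treat a missing key, or any occurrence not equal to 1, as "not disabled".
        if not values or any(v != "1" for v in values):
            still_enabled.append(protocol)
    return still_enabled, warnings

# Constructed sample files, not taken from a real server.
WEAK_INI = "[Notes]\nKitType=2\nDISABLE_SSLV3=1\n"
HARDENED_INI = "[Notes]\nKitType=2\ndisable_sslv3=1\nSSL_DISABLE_TLS_10=1\n"
CONFLICT_INI = HARDENED_INI + "SSL_DISABLE_TLS_10=0\n"

if __name__ == "__main__":
    samples = [("weak", WEAK_INI), ("hardened", HARDENED_INI), ("conflict", CONFLICT_INI)]
    for name, ini in samples:
        enabled, warns = audit_tls_settings(ini)
        print(f"{name}: legacy protocols still enabled: {enabled or 'none'}")
        for w in warns:
            print(f"  warning: {w}")
```

A conflicting duplicate entry is reported as still enabled because the script does not assume which occurrence the server honours.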

Link: Interim Fixes for 9.0.1.x versions of IBM Notes, Domino, iNotes & Notes Browser Plug-in

Recommended links:
First Perfect Forward Secrecy Ciphers shipped with 9.0.1 FP3 IF2 by Daniel Nashed
Domino 9.0.1 FP3 IF3 is about to ship by Daniel Nashed
Engage conference security presentation by Daniel Nashed
New Version of KyrTool released by Daniel Nashed
TLS 1.2 in Domino and the settings I use by Darren Duke
New Start Script Version 3.0 with systemd support released by Daniel Nashed

