Thank you to IBM just in the nick of time : SMTP TLS 1.0

Update : XPages has stopped working on the server that I applied this fix to. This may be a total red herring and specific to my server but I though I should mention it. The server was 853 FP3 and I went to FP3 FP6 and then IF4. It is on CentOS and gets hacked about a bit as it is an internal dev server so it may not be typical. i will look at it again tomorrow. For now I have reinstalled 853 and all seems well – apart from no TLS obviously

Just deployed FP6 IF 4 to a production grade system and all went well – < 10 mins down time

=============================================================

IBM has released fix packs to allow SMTP mail to be routed via TLS 1.0 rather than SSL V3 to eliminate the Poodle vulnerability. It is very straight forward to apply. The fix pack also covers HTTP traffic too so no more Apache Reverse Proxy servers unless you want them for other reasons.

This is the 853 FP6 IF4 release – http://www-01.ibm.com/support/docview.wss?uid=swg21663874

Interestingly today we had our first emails that were being rejected by recipients because of SSL V3 so this is very timely.

Many thanks IBM.

2 Replies to “Thank you to IBM just in the nick of time : SMTP TLS 1.0”

  1. if you’re using the extension library or you’ve done java ssl keyring stuff for customer integration, when you did the upgrade it may have over-written stuff in your

    [notes]/jvm/lib/security/
    or
    [notesdata]/domino/workspace/

    directories.

    1. Thanks Andrew, it all worked fine when I did a re-install of vanilla 853 with no Fix Packs over the top of 853 / FP6 / IF4 that didn’t work. I will be trying a cleaner production system tonight so I will see what happens.

Leave a Reply

Your email address will not be published. Required fields are marked *

8 + 8 =