
If you want SHA-2 Support for Domino HTTP add yourself to Enhancement Request ABAI7SASE6

 August 22 2014 06:41:23 PM
"IBM Domino support has received several questions and PMRs recently regarding SHA-2 support within Domino. SHA-2 is currently supported with X.509 certificates for S/MIME in the Domino environment.
At this time, the Domino kyr file does not provide native support for SHA-2 certificates for protocols such as LDAPS, HTTPS, DIIOPS, etc.

We are aware that Certificate Authorities are no longer offering SHA-1 certs by default, and many browsers will soon deprecate their trust of SHA-1.

For HTTP requests (on the Windows server platform), we currently recommend using the IHS proxy server, available starting with Domino 9.0:

*Link to presentation on Implementing TLS support with IBM Domino 9.x and IBM HTTP Server (IHS)
*Link to IHS reference: http://publib.boulder.ibm.com/httpserv/ihsdiag/ssl_questions.html


At this time, the request to provide full native support for SHA-2 is currently under investigation by the Domino Development team:

Enhancement Request Number: ABAI7SASE6

Technote reference: http://www-01.ibm.com/support/docview.wss?uid=swg21418982  
APAR reference: http://www-01.ibm.com/support/docview.wss?uid=swg1LO48388  

If you also desire this functionality in your environment, we encourage you to open a PMR and add your company to the enhancement request. This alerts our development team to the continued interest for this feature, which is not a guarantee of a solution or fix, just an inclusion to this existing enhancement request for this feature to be considered for a future release."

Please add yourself to the Enhancement Request or participate in the discussion started by Amy Knox (IBM):

http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8

Update 21.10.2014:

Check out the latest Technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21418982


Comments

1. Mats Ekman, 10/16/2014 1:57:10 PM

I guess in the context of POODLE, TLS, not SHA-2, is critical, but anyway, here is how to get SHA-2 working with Domino 9 without IBM HTTP.

{ Link }

TLS is NOT SOLVED by this, only SHA-2.

Regards

Mats
