Daniel Nashed 21 December 2014 00:30:09As reported before the IF that introduced TLS 1.0 is vulnerable to the new PODDLE issue.
IBM released a new IF for all supported versions that fixes this issue.
After installing the IF you can re-enable the CBC ciphers which are now reported as not vulnerable by the SSL Labs Test site.
In addition to this fix IBM officially introduces a new notes.ini variable to disable SSL V3.
DISABLE_SSLV3=1 will disable SSL V3 completely. But as mentioned before you should be completely sure if you want to completely disable SSL V3.
SPR #KLYH9QXMQE: Disable SSL ini:
SPR #KLYH9RMJGL: CVE-2014-8730 TLS 1.x Padding Vulnerability
There is a reference technote and a list of IFs for all supported releases.
Security Bulletin: TLS Padding Vulnerability affects IBM Domino (CVE-2014-8730)
Fixes for this issue are currently available
9.0.1 Fix Pack 2 Interim Fix 3
9.0 Interim Fix 7
8.5.3 Fix Pack 6 Interim Fix 6
8.5.2 Fix Pack 4 Interim Fix 3
8.5.1 Fix Pack 5 Interim Fix 3
- Comments