Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

Security Issue - IBM Domino AES GCM weak nonce generation vulnerability

Daniel Nashed  29 March 2016 12:02:24
There is a new vulnerability affecting the AES GCM ciphers that were introduced in 9.0.1 FP3 (enabled by default).
For very large data sets, IBM Domino Web servers using TLS with AES GCM generate a weak nonce, which could potentially be used for a man-in-the-middle attack.


All Domino 9 versions supporting those ciphers are affected, and there is a new IF (9.0.1 FP5 IF2) which addresses this issue.


The IBM Domino AES GCM weak nonce generation vulnerability is tracked as SPR #KLYHA6ZP4F.

If you cannot update your server, you should change your cipher spec to exclude those ciphers.


The following cipher spec only allows the CBC ciphers and leaves out the 6 GCM ciphers currently supported.


notes.ini SSLCipherSpec=C028006BC0140039C0270067C013003D0035003C002F000A
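
As an added example (not code from the post or from IBM), a small Python helper that splits an SSLCipherSpec value into its 4-hex-digit IANA cipher-suite IDs, reports any AES-GCM suites still present, and produces a GCM-free value. The ID-to-name table is taken from the IANA TLS Cipher Suite registry; exactly which GCM suites Domino enables is an assumption, so IDs missing from the table are reported as unknown rather than silently accepted.

```python
# Cipher-suite IDs and names from the IANA TLS Cipher Suite registry (a
# subset: the CBC suites in the post's workaround plus the standard AES-GCM
# suites; exactly which GCM suites Domino enables is an assumption here).
IANA_SUITES = {
    "C030": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "C02F": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "009F": "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "009E": "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "009D": "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "009C": "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "C028": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "006B": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    "C014": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "0039": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "C027": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "0067": "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    "C013": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "003D": "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "0035": "TLS_RSA_WITH_AES_256_CBC_SHA",
    "003C": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "002F": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "000A": "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

# The CBC-only workaround line from the post, in notes.ini syntax.
WORKAROUND_LINE = "SSLCipherSpec=C028006BC0140039C0270067C013003D0035003C002F000A"

def parse_cipher_spec(line):
    """Split an SSLCipherSpec value (4-hex-digit suite IDs, no separators) into IDs."""
    value = (line.split("=", 1)[1] if "=" in line else line).strip().upper()
    if len(value) % 4 or not all(c in "0123456789ABCDEF" for c in value):
        raise ValueError("SSLCipherSpec must be a multiple of 4 hex digits")
    return [value[i:i + 4] for i in range(0, len(value), 4)]

def audit_cipher_spec(line):
    """Return the GCM suites (affected) and unknown IDs found in the spec."""
    report = {"gcm": [], "unknown": []}
    for suite in parse_cipher_spec(line):
        name = IANA_SUITES.get(suite)
        if name is None:
            report["unknown"].append(suite)  # not in table: review manually
        elif "_GCM_" in name:
            report["gcm"].append(suite)
    return report

def strip_gcm(line):
    """Return the spec value with every known GCM suite removed (unknown IDs kept)."""
    kept = [s for s in parse_cipher_spec(line) if "_GCM_" not in IANA_SUITES.get(s, "")]
    return "".join(kept)
```

Running audit_cipher_spec(WORKAROUND_LINE) returns no GCM and no unknown suites, which is the check to repeat on the value actually set in a server's notes.ini.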


The better option would be to install IF2.


The new Interim Fix also includes a couple of other fixes, including a fix for the Domino Console issue introduced by disabling MD5 in the last JVM patch, as posted before.
There is no detail on how SPR #RSSNA6UU79 addressed the console issue. I had no time to test it in detail yet.

Update 31.3.2016: There is a new issue with the Server Controller if you have applied the JVM fix as well.
The solution is to re-install the latest JVM patch, which apparently has a fix as well.
See this new blog post for details -->
http://blog.nashcom.de/nashcomblog.nsf/dx/server-controller-issue-when-applying-9.0.1-fp5-if2.htm

SPR         Description
KLYHA6ZP4F  Security Bulletin: Vulnerability in IBM Domino Web Server TLS AES GCM Nonce Generation (technote 1979604)
EDOE9HZLXH  Using the colon character in the Domino server title breaks the Java console.
MKINA86V2A  The Java console applet needs to be updated for Oracle JVMs.
MKINA85TJB  The Java console applet needs the same fix as SODY9FFEYE (technote 1662233).
MKINA85TEQ  The Java console applet needs the same fix as SODY9DDBD5 (technote 1662233).
PMGYA4CHDZ  Fixes intermittent Domino Server and Notes Client crash when an organization is doing a key rollover. Crash occurs on both client and server side when trying to connect.
RSSNA6UU79  Domino Console won't connect even when scontroller is running (technote 1977125)

Details and references:


http://www.ibm.com/support/docview.wss?uid=swg21979604

CVEID: CVE-2016-0270 / DESCRIPTION: IBM Domino contains an unspecified vulnerability that could lead to session snooping using man-in-the-middle techniques.

