Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...


Daniel Nashed


Domino 9.0.1 FP5 IF1 with Security Fixes

Daniel Nashed  30 January 2016 13:47:59
There is a new IF1 for Domino 9.0.1 that includes two fixes we have waited for in the TLS area specially when communicating with STARTTLS and web-services as posted before on my blog.

SPR #KLYHA57S37 - Disable TLS Session Resumption on outbound connections by default        

This fix addresses and issue for outgoing STARTLS sessions on SMTP.

See some more details in my other blog post -->

SPR #MKENA4SQ7R - Domino TLS 1.2 Client Hello does not offer a Signature Algorithm extension causing some handshakes to fail        

The second issue is a problem with a missing security algorithm extension that causes connection issues which happened in many customer environments -- and it looks like this happened depending on the certificate used in some cases.
And also what the remote server supported. The fix implements the missing extensions and improves compatibility.

SPR #KLYHA5YRVP - Recommended security fix for IBM Domino (technote 1974958)        

The Domino SLOTH vulnerability is about collision attack with the MD5 hash function that is used in the TLS handshake.
The fix addresses this issue.

Here are the main details from the TN describing the SPR.

CVEID: CVE-2015-7575
DESCRIPTION: The TLS protocol could allow weaker than expected security caused by a collision attack when using the MD5 hash function for signing a ServerKeyExchange message during a TLS handshake. An attacker could exploit this vulnerability using man-in-the-middle techniques to impersonate a TLS server and obtain credentials.

See more details here ->

SPR #DKENA32JMP - Add support for Extended Master Secret (RFC 7627) to TLS 1.2        

This is a quite new RFC which has been implemented by Microsoft and Google for their browsers recently. Both sides need to support this extension!
Domino does now support this extension which eliminates a risk of a man-in- the-middle attack in some situations described in the RFC below.

The Transport Layer Security (TLS) master secret is not
cryptographically bound to important session parameters such as the
server certificate.  Consequently, it is possible for an active
attacker to set up two sessions, one with a client and another with a
server, such that the master secrets on the two sessions are the
same.  Thereafter, any mechanism that relies on the master secret for
authentication, including session resumption, becomes vulnerable to a
man-in-the-middle attack, where the attacker can simply forward
messages back and forth between the client and server.  This
specification defines a TLS extension that contextually binds the
master secret to a log of the full handshake that computes it, thus
preventing such attacks.


1Stuart  01.02.2016 5:11:58  Domino 9.0.1 FP5 IF1 with Security Fixes

any recommendations on customizing the cipher list, or go with the default?

2Daniel Nashed  02.02.2016 6:53:08  Domino 9.0.1 FP5 IF1 with Security Fixes

@Stuart, the recommendation for the removed cipher list is still valid for IF1.

See previous blog posts with details about the ciphers and the cipher list that IBM has currently enabled by default.

-- Daniel

3Sascha  09.03.2016 11:32:32  Domino 9.0.1 FP5 IF1 with Security Fixes

We're encountered the problem as described in SPR # MKENA4SQ7R.

But as indicated in the following link, it's fixed in FP6 not FP5 IF1/2 and since we're already at FP5 IF2, I'd say it's not yet fixed as you've written in your blog post.

{ Link }

4Daniel Nashed  09.03.2016 15:59:44  Domino 9.0.1 FP5 IF1 with Security Fixes


SPR #MKENA4SQ7R is fixed in Domino 9.0.1 FP5 IF1 but not fixed in the current Client IFs.

I was speaking about the server side fix that we needed for STARTTLS Connections.

Where do you run into issues on a Notes Client?

What issues do you currently have with this missing extension?

-- Daniel



    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]