Domino TLS POODLE Fix released
Daniel Nashed – 21 December 2014 23:30:09
As reported before, the IF that introduced TLS 1.0 is vulnerable to the new POODLE issue. IBM has released a new IF for all supported versions that fixes this issue.
After installing the IF, you can re-enable the CBC ciphers, which are now reported as not vulnerable by the SSL Labs test site.
In addition to this fix, IBM officially introduces a new notes.ini variable to disable SSL V3.
DISABLE_SSLV3=1 will disable SSL V3 completely. But as mentioned before, you should be sure that you really want to disable SSL V3 completely.
SPR #KLYH9QXMQE: Disable SSL ini:
SPR #KLYH9RMJGL: CVE-2014-8730 TLS 1.x Padding Vulnerability
There is a reference technote and a list of IFs for all supported releases.
Security Bulletin: TLS Padding Vulnerability affects IBM Domino (CVE-2014-8730)
http://www.ibm.com/support/docview.wss?uid=swg21693142
Fixes for this issue are currently available:
9.0.1 Fix Pack 2 Interim Fix 3
9.0 Interim Fix 7
8.5.3 Fix Pack 6 Interim Fix 6
8.5.2 Fix Pack 4 Interim Fix 3
8.5.1 Fix Pack 5 Interim Fix 3
- Comments [2]
1 Andy Brunner 21.12.2014 12:05:10 Domino TLS POODLE Fix released
Thanks Daniel for this update and for the reference to the Domino notes.ini parameter. The "Disable_SSLV3=1" is not in the technote.
Andy
2 Uwe Brahm 25.12.2014 15:21:03 Domino TLS POODLE Fix released
It's essential for those that have IHS in front of their Domino servers to read this technote:
{ Link }
Regards,
Uwe