Domino on Linux/Unix, Troubleshooting, Best Practices, Tips and more ...

alt

Daniel Nashed

IBM Traveler 9.0.1.7 shipped with iOS 9 support

Daniel Nashed – 7 September 2015 08:46:02

Traveler 9.0.1.7 shipped while I was away for holidays. I have updated my server already over the weekend and it looks good.
I have also not heard anything negative from any customer yet.

This release does not only add support for iOS 9 but also Windows 10 Pro on tablet devices and the latest MS SQL Server.

- Support for Windows 10 Pro running on tablet devices.
- Support for Apple iOS 9.x running on all Apple devices.
- Support for Microsoft SQL Server 2014 Enterprise Edition.

Here is the link to the fixlist which includes fixes specifiy for iOS9.

http://www.ibm.com/support/docview.wss?uid=swg21700212#9017

Because iOS9 did not ship yet and the version is not final yet, you never know if there are new fixes needed once iOS 9 shipped.
But you should be prepared for iOS9 with this update.

!! Important Reminder !!!

In addition you should keep in mind (as posted before) that Apple is introducing ATS which has way higher requirements for HTTPS/TLS on your server.
The missing component for the Domino HTTP stack is currently ECDHE ciphers. Hopefully IBM will make a new fix available before iOS9 shippes.
If you are running Domino HTTPS for anything that directly communicates with a iOS9 or the next OSX you have to meet the following requrirements:

  • TLS 1.2
  • >= 2048 bit RSA
  • SHA-256 signed web server certificates
  • ECDHE!!


So you have to already ensure that your device facing HTTPS component is using the right certificates. If you are running behind a secure reverse proxy you can already check if you meet all requirements.

For native Domino you should upgrade at least to 9.0.1 FP4 to be prepared.

Comments

1Patrick Schneider  16.09.2015 9:18:19  IBM Traveler 9.0.1.7 shipped with iOS 9 support

Looks like the missing Elliptic Curve (ECDHE) ciphers will be available in Domino 9.0.1 FP4 IF2(?), which will be released end of September 2015.

{ Link }

"Additionally, IBM is working on an Interim Fix for 9.0.1 Fix Pack 4 (and the upcoming 9.0.1 Fix Pack 5) that will implement Elliptic Curve cipher support for TLS 1.2 and TLS 1.0 that remedies this issue and implements Elliptic Curve support for the following protocols: HTTP/HTTPS, LDAP/LDAPS, SMTP, IMAP, and POP3. Currently, the ETA for the Interim Fix posting is end of September 2015. "

2Daniel Nashed  16.09.2015 15:25:26  IBM Traveler 9.0.1.7 shipped with iOS 9 support

yes I posted that update to my other post about ATS.

Maybe we are getting the fix sooner. It all looks good right now.

But for sure we should have a fix end of this month.

It is not clear yet -- until we have the released version if ActiveSync and Safari/other build-in apps will have ATS enabled as well.

Or if this only hits not re-compiled applications that lower the security standard by allowing other ciphers --> see details in the TN.

I am waiting for the final iOS 9 release for testing. And same does IBM when you read between the lines in the TN ..

Nobody knows exactly before it is released... The last beta still allowed non-ECDHE ciphers...

-- Daniel

Links

    Archives


    • [HCL Domino]
    • [Domino on Linux]
    • [Nash!Com]
    • [Daniel Nashed]