Title: IBM Domino Interim Fixes to support TLS 1.0 which can be used to prevent the POODLE attack
This page introduces IBM Domino support for Transport Layer Security (TLS) 1.0. See the Interim Fix section below for links to the Interim Fixes, available on the latest fix pack of maintenance releases back to 8.5.1. Installing this interim fix on your Domino server will enable TLS 1.0 across the following protocols: HTTP, SMTP, LDAP, POP3 $ IMAP. No additional configuration is required to set up TLS. With this interim fix, Domino servers previously configured for SSL will connect with browsers (and other SSL/TLS clients) that request a TLS connection using TLS 1.0. This interim fix supports TLS_FALLBACK_SCSV to prevent the POODLE downgrade attack: Domino will not permit web browsers that also support TLS_FALLBACK_SCSV TLS to fall back to SSL V3. However, for purposes of interoperability with earlier releases of browsers and other web server clients that do not support TLS, this interim fix continues to support SSL V3 connections. As of 19-Dec-14, this fix addresses not only the October Poodle attack (CVE-2014-3566) but also the subsequent December Poodle attack (CVE-2014-8730). A complete list of features supported by this Interim Fix includes:
Added support for TLS 1.0:
- Inbound and outbound connections
- Over all protocols (HTTP, SMTP, LDAP, POP3 & IMAP)
- All platforms including support for IBM iSeries running System_SSL
- SSL/TLS Session resumption
- Client certificate authentication
- TLS protocol support for TLS_FALLBACK_SCSV Signaling Cipher Suite Value to protect browser clients that also support TLS_FALLBACK_SCSV against downgrade attacks.
- Will negotiate from TLS 1.0 and SSLv3 if other party does not support TLS 1.0. Note that protocol version *negotiation* is a different thing entirely from protocol *fallback*, as described in POODLE.
- The cipher suite list offered by Domino when making outbound connections has been re-ordered to place the AES ciphers first.
- Serviceability enhancements to make logging more thorough and easier to read and understand
- Prevents both Poodle attacks: CVE-2014-3566 and CVE-2014-8730.
Removed support:
- SSLv2
- SSL renegotiation has been disabled
- All weak (<128 bits) cipher suites have been disabled
Please note that, since Interim Fixes do not permit changes to the user interface or to templates used for configuration (e.g. Domino server document, Internet site document where SSL is configured), all SSL configuration options remain in the UI. However, as mentioned above, the installation of this Interim Fix will override your existing configuration with support for TLS 1.0
Interim Fix for TLS 1.0
Fixes for this issue are currently available via the technotes linked below for all platforms except for System z. This technote will be updated again once the System z fixes are available.
To configure TLS 1.0:
1) Bring down your server
2) Install the appropriate Interim Fix
3) Bring up your Domino server
To check that your Domino web server is using TLS, use one of the following techniques
- Access the server with a browser running TLS 1.0. Check the browser connection properties to verify that TLS is used
- Set DEBUG_SSL_HANDSHAKE=2 in the server's notes.ini. After accessing the Domino web server with a browser using TLS 1.0, search the server console.log for the string 'Protocol Version', which will indicate TLS1.0
IBM Domino (r) Server (64 Bit), Release 9.0.1, October 14, 2013
[14155850:00002-00001] 10/31/2014 17:23:41.07 SSL_Handshake> Protocol Version = TLS1.0 (0x301)
[14155850:00002-00001] 10/31/2014 17:23:41.07 SSL_Handshake> TLS/SSL Handshake completed successfully
Related Links
How is IBM Domino impacted by the POODLE attack?
http://www.ibm.com/support/docview.wss?uid=swg21687167
What are IBM's plans for IBM Domino 9.x support of SHA2?
http://www.ibm.com/support/docview.wss?uid=swg21418982
Quick guide to securing a Domino server with SSL using the CA process
http://www.ibm.com/support/docview.wss?uid=swg21193730
Domino server-based certification authority
http://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_dominoserverbasedcertificationauthority_c.dita
How to renew an SSL certificate stamped by a third-party Certification Authority
http://www.ibm.com/support/docview.wss?uid=swg21210804
Domino Certification Authority Tutorial
http://www.ibm.com/support/docview.wss?rs=463&uid=swg27006424
Generating a SHA-2 Keyring file
http://www.lotus.com/ldd/dominowiki.nsf/dx/Domino_keyring?open
Generating a keyring file with a self-signed SHA-2 cert using OpenSSL and kyrtool
http://www.lotus.com/ldd/dominowiki.nsf/dx/Self-signed_SHA-2_with_OpenSSL_and_kyrtool?open
Generating a keyring file with a third party CA SHA-2 cert using OpenSSL and kyrtool
http://www.lotus.com/ldd/dominowiki.nsf/dx/3rd_Party_SHA-2_with_OpenSSL_and_kyrtool?open
Installing and Running the Domino keyring tool
http://www.lotus.com/ldd/dominowiki.nsf/dx/kyrtool?open
Security Bulletin: TLS Padding Vulnerability affects IBM Domino (CVE-2014-8730)
http://www.ibm.com/support/docview.wss?uid=swg21693142