We have just upgraded customer servers to the latest 9.0.1FP9 and are also getting these alerts when testing the SSL config via Qualys Labs.

Anyone from IBM care to advise how to mitigate/fix this?

By only enabling ECDHE & DHE cyphers this appears to have worked around the issue and I no longer get the ROBOT errors.

FYI this is the notes.ini I used: SSLCipherSpec=C030009FC02F009EC028006BC0140039C0270067C013

Thanks. This work around worked. My SSLCipherSpec looks like this:  SSLCipherSpec=C030009FC028006BC0140039

I only enabled the 256 bit ciphers.

Per SSL Labs that allows support for IE 8-10.

Howard

Daniel Nashed in his blog mentions that ROBOT is to be addressed in Feature Pack 10:  http://blog.nashcom.de/nashcomblog.nsf/dx/robot-ssltls-attack.htm

Mr. Nashed also makes the point that most browsers would try to use more secure ciphers when they are available, so the actual risk of less secure ciphers may be overstated.