~Tanita DesweverobuSep 3, 2015, 2:06 PM94 PostsUpgrade your server certificate from MD5 to SHA-1 or (preferably) SHA-256TLS 1.2 adds a mandatory extension to the ClientHello that allows the client to specify what signing algorithms it supports, and many clients are now excluding MD5 from that list. This will cause TLS 1.2 connections to fail against your MD5 server certificate. Most browsers will then retry with TLS 1.1 or 1.0 and -- lacking that extension -- succeed, but many non-browser clients will just stop there and fail completely. The Notes/Domino wiki has some good information on how to create your own self-signed certificates or how to request a stronger certificate from a public CA.
~Sven QuetvelupulakoiSep 3, 2015, 2:11 PM24 PostsReplace your MD5 Web server keyring with SHA-2 (or SHA1)You will need to replace your server keyring with a SHA-2 (or SHA-1) certificate that does not use the MD5 hashing algorithm. Title: Domino Web Server keyring still using MD5 may cause TLS 1.2 handshake failure Doc #: 1701159 URL: http://www.ibm.com/support/docview.wss?uid=swg21701159
~Naomi ZenniteroopsiSep 4, 2015, 5:02 PM11 PostsReplace your MD5 Web server keyring with SHA-2 (or SHA1)Dave, David, Thanks for your answers. I'm happy to see that my further searches sent me to the same Technotes you quote, so i'll follow them. Thanks again. Yan
~Tate RenubergetsiNov 4, 2015, 3:28 PM12 PostsThere will be an OpenMic for this topicThere will be an OpenMic today 11/04/15 for this topic: http://www-01.ibm.com/support/docview.wss?uid=swg27046894