This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Cheryl Umaobu
Mar 25, 2016, 7:01 PM
151 Posts

Domino TLS Cipher Configuration

  • Category: Domino Administrator
  • Platform: All Platforms
  • Release: 9.0.1
  • Role: Administrator
  • Tags:
  • Replies: 1

I've been doing some searching on specifying acceptable cipher selection
for Domino 9
At first it was recommended to change this in the Domino Server Document.
Ports, Internet Ports, SSL settings, SSL ciphers
Then it was noted that if you are using internet sites documents that
website documents will override the Domino Server Document:  Web Site,
Security, SSL Security, SSL ciphers
Then it was noted that both of these are pretty obsolete and really only
offer low cipher selections.  Apparently starting with some hot fix I now
need to store my selection in my notes.ini as per this document:
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration

Is the above document the latest?
Is my interpretation of it correct?

I am trying to combat audit dings like the following:
TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566)
TLS/SSL Server is enabling the BEAST attack (ssl-cve-2011-3389-beast)
TLS/SSL Server is enabling the POODLE attack (sslv3-cve-2014-3566-poodle)
TLS/SSL Server Supports SSLv3 (sslv3-supported)
TLS Server Supports TLS version 1.0 (tlsv1_0-enabled)
TLS/SSL Server Supports The Use of Static Key Ciphers
(ssl-static-key-ciphers)
TLS/SSL Server Supports 3DES Cipher Suite (ssl-3des-ciphers)
TLS/SSL Server Does Not Support Any Strong Cipher Algorithms
(ssl-only-weak-ciphers)

Apparently these ciphers are unacceptable:
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA


It even complained about these:
TLS 1.2 ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384


Vulnerability Solution:
Enable support for at least one of the ciphers listed below:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

FYI:  The audit was performed by a wholly owned subsidiary of IBM.

~Tanita Desweverobu
Mar 25, 2016, 9:11 PM
94 Posts
Domino TLS cipher configuration has changed in post-9.0.1 FPs
Yes, that link points to the correct piece of documentation -- a wiki article that we keep current.  
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration

Since we couldn't change the GUI elements in FPs and the GUI didn't have options for any of the new ciphers and protocols and included others that have been disabled, those GUI elements are no longer being read.  In order to enable TLS 1.2 and modern ciphers, just install the latest and greatest version of Domino. Domino 9.0.1 FP5 IF1 shipped before Connect 2016 and includes protection against a number of newer attacks.  The default cipher list is well-reasoned and well-ordered, but you can modify that list via a notes.ini as indicated in that wiki link.   Looking at your list of issues:
  • TLS/SSL Server Supports RC4 Cipher Algorithms (CVE-2013-2566) Fixed "by default" in current Domino.
  • TLS/SSL Server is enabling the BEAST attack (ssl-cve-2011-3389-beast) Can fix by disabling all CBC ciphers or by disabling SSLv3 and TLS 1.0. Latest Domino protects against this attack by prioritizing "better" protocols and ciphers; for the sake of purity you could disable the lower-priority settings.
  • TLS/SSL Server is enabling the POODLE attack (sslv3-cve-2014-3566-poodle) Fixed via TLS 1.0 and TLS_FALLBACK_SCSV in late 2014; if you are seeing this report with a more recent release just disable SSLv3.
  • TLS/SSL Server Supports SSLv3 (sslv3-supported) Ditto
  • TLS Server Supports TLS version 1.0 (tlsv1_0-enabled) You can disable this one as well. If disabling TLS 1.0 you should monitor your logs for connection failures to ensure that you aren't leaving behind too many of your end users.
  • TLS/SSL Server Supports The Use of Static Key Ciphers (ssl-static-key-ciphers) You can disable these as well. As above, you should monitor your logs for connection failures to ensure that you aren't leaving behind too many of your end users.
  • TLS/SSL Server Supports 3DES Cipher Suite (ssl-3des-ciphers) You can disable this one, at the cost of losing backwards compatibility with IE on Windows XP.
  • TLS/SSL Server Does Not Support Any Strong Cipher Algorithms (ssl-only-weak-ciphers)Just upgrading your server will fix this one.

Looking at this list of desired ciphers and removing ECDSA (which is rarely used) and DSS (which is less secure than desired today) leaves us with...

Enable support for at least one of the ciphers listed below:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

... and documentation in the wiki shows those four ciphers as the "top 4" on the current ordered list:

  1. ECDHE_RSA_WITH_AES_256_GCM_SHA384 (C030)
  2. DHE_RSA_WITH_AES_256_GCM_SHA384 (009F)
  3. ECDHE_RSA_WITH_AES_128_GCM_SHA256 (C02F)
  4. DHE_RSA_WITH_AES_128_GCM_SHA256 (009E)

You can configure your server to only support those four ciphers with:
SSLCipherSpec=C030C02F009F009E

The following wiki page tells you how to disable SSLv3 and TLS 1.0:

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_1.2
DISABLE_SSLV3=1
SSL_DISABLE_TLS_10=1

You should also ensure that you're running with a 2048 bit RSA server key and a certificate signed with SHA-256.
https://www-10.lotus.com/ldd/dominowiki.nsf/xpViewTags.xsp?categoryFilter=SHA-2

Hope that helps!

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal