You can remove the RC4 keys by deselecting them.

It might work. It depends on whether there are any keys left that'll authenticate with the contacting server.

Now you may ask, how do you tell?

It seems to be a black art. We've noticed when there are piles of other settings in the certificates & keyfile ... files ... specifying when it's appropriate & not to use a cipher, it's become almost impossible to tell whether a cipher will work for a particular use unless you "try it".

Still, to keep you informed about what I've run across, here's the complicated & technical note IBM released on the ciphers now supported.

https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration

It seems you can override the settings you've screen-shot using the Notes.INI variable, "SSLCipherSpec". It doesn't seem to me this is an action for the fat-fingering-faint-of-heart. But hey, it looks like it can be done. I assume it can be done from the "Server Configuration" document. The format looks like it's a long string of hex describing in arcane naming, which cipher to use "next".

There's not an example of a realistic cipher setting at the link. There's one unrealistic example. Does anyone have a realistic example of these ciphers in use?

There's also the remarkable potential issue:FP4's "SSLCipherSpec" formatting is not backward compatible in FP5's "SSLCipherSpec" formatting.

I'm unsure how to determine that a Domino server actually has the certificates & keyfiles, too: files that could actually deliver keys that would allow Domino to ahem, actually use these encryption schemes. There must be something out there saying how. I don't know what it is.

I've read Domino's "nonversion release" strategy has complicated matters as well. The postings told me they hadn't updated the complete list of available ciphers on the Address Book, and so ... well I don't know how to enable ciphers that are "there", but not "available". Maybe more googling could've told me that too. I abandoned the issue 'til a more opportune time. Unfortunately it looks as though you're in great need of the answer I also tried to get.

But maybe this'll help. I hope it does.

Thanks for the replies.

Dave - If If upgrade to FP7 is that all I need to do or should I modify and deselect any entries in the SSL Cipher Settings screenshot in my original post?

I'm trying to get a handle on exactly what circumstances produce what kinds of issues.

I'm trying to get a handle on exactly what circumstances produce what kinds of issues.

The servers in question both run Domino 9.0.1.FP4 and have done so since October/2015.

I don't apply fixpacks unless there is an issue, because if it ain't broke, don't fix it.

I do not have SSL enabled on these two servers.

I cannot duplicate the issue that has been experienced.

It is an intermittent issue, apparently, that can affect senders from whom we have previously received emails.

You cleared up some things for me as to what's going on in this vein.

Is FP7 the first fixpack that ignores the existing settings, or was that an older feature?