You understand correctly.
You understand correctly. But the part
about "TLS certificates" in your post is a little unclear. As
per the technote, TLS 1.0 is the protocol we are adding natively to Domino
for the latest fixpacks of 8.5.1 through 9.0.1. That will allow browsers
configured with SSLv3 disabled and TLS 1.0 enabled to communicate with
Domino.
The certs are a separate story. You
can use existing SHA-1 certs with TLS 1.0.
Separately we plan on are releasing
tools to allow SHA-2 importing. SHA-2 is restricted to 9.0 and above since
it relies on cryptographic infrastructure introduce in 9.0. TLS supports
SHA-2 as well.
Timeframe
We are keeping the time-frame somewhat
vague as we go through the dev/test cycle. The technote states "Domino
server Interim Fixes over the next several weeks".
But we will keep the Design Partners up to speed.