Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


TLS 1.3 Support for the Domino INET Stack

TLS 1.3 should be added in Domino 11.

There are already recommendations to disable TLS 1.0 and I have seen customers who already disabled TLS 1.0 on their SMTP servers. On the other side there are still unpatched environments which do not support TLS 1.2 today.

In a year from now there are much more servers only supporting current ciphers and TLS 1.2.

Now that TLS 1.3 is finalized and published it makes sense to look into it.

Here is a good write-up about the benefits and some details. It also contains a list of software which already supports TLS 1.3.

 

https://www.wolfssl.com/docs/tls13/?gclid=EAIaIQobChMIs7TD18613AIV15MbCh3j6Qm7EAAYASAAEgIKh_D_BwE

 


Daniel Nashed  [ https://blog.nashcom.de ]

 

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jul 23 2018
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 23, 2018 17:10

    I agree. Slowness to adopt TLS 1.3 is not good for the image of the product. It would help if it could be seen as on top of such changes.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 30, 2018 05:50

    This is necessary so that IBM/HCL don’t find themselves in another embarrassing POODLE situation like with SSLv3 (where for years TLS was rejected as being needed as SSLv3 was deemed sufficient by IBM). Domino should be leading the way in security.