Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.


Ciphers in Domino Directory: Show us the Hexcode in Brackets

It is great that we have all the new ciphers in the domino directory template 10 now. But as every product uses different ways to write the ciphers it is hard to compare them between products. 

 

e.g.

 

Domino: ECDHE_RSA_WITH_AES_128_GCM_SHA256

OpenSSL: ECDHE-RSA-AES128-GCM-SHA256

 

They are the same but to find this out you need to do manual comparison. 

 

Not to speek from SSLCipherSpec from releases before 10

SSLCipherSpec=C030009F009D 

 

Have you tried to find out, which tick- boxes of the new form are behind this notes.ini entry? 

 

Please make the selection dialog for ciphers look like this:

ECDHE_RSA_WITH_AES_256_GCM_SHA384 (C030)

DHE_RSA_WITH_AES_256_GCM_SHA384 (009F)

ECDHE_RSA_WITH_AES_128_GCM_SHA256 (C02F)

DHE_RSA_WITH_AES_128_GCM_SHA256 (009E)

ECDHE_RSA_WITH_AES_256_CBC_SHA384 (C028)

DHE_RSA_WITH_AES_256_CBC_SHA256 (006B)

...

 

That way it is very easy to compare ciphers using their 4 digit Hex value.

And if one cipher is said to be insecure, it is a matter of one glance to find, if that one is enabled in your environment.

 

Torsten Link

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Sep 20 2018
  • Investigating
  • Attach files