#dominoforever | Product Ideas Portal


Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

TLS 1.3 Support for the Domino INET Stack

TLS 1.3 should be added in Domino 11.

There are already recommendations to disable TLS 1.0 and I have seen customers who already disabled TLS 1.0 on their SMTP servers. On the other side there are still unpatched environments which do not support TLS 1.2 today.

In a year from now there are much more servers only supporting current ciphers and TLS 1.2.

Now that TLS 1.3 is finalized and published it makes sense to look into it.

Here is a good write-up about the benefits and some details. It also contains a list of software which already supports TLS 1.3.




Daniel Nashed  [ https://blog.nashcom.de ]


  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Jul 23 2018
  • Likely to implement
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    18 Sep 08:05

    Be ahead this time. We all remember POODLE

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    October 10, 2019 16:44

    I wish I could vote for this 11 times. This kind of thing is critical to Domino's image as a secure product.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 12, 2018 14:01

    Version 11 is definitely to late. Version 10 or 9 would be good

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 11, 2018 14:51

     Clients wants to introduce TLS v1.3 protocol and will be using it as the only supported protocol.
    Their dedicated NotesClient on the Archiving Bridge host uses currently the version 901FP8SHF244.
    Their End-user-clients can use any NotesClient version e.g. 901FP10.
    They want 901FPxx-NotesClient to support TLS v1.3(basically client and Domino)

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    August 30, 2018 05:50

    This is necessary so that IBM/HCL don’t find themselves in another embarrassing POODLE situation like with SSLv3 (where for years TLS was rejected as being needed as SSLv3 was deemed sufficient by IBM). Domino should be leading the way in security.

  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    July 23, 2018 17:10

    I agree. Slowness to adopt TLS 1.3 is not good for the image of the product. It would help if it could be seen as on top of such changes.