Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

263 VOTE
Status Assessment
Workspace Domino
Categories Security
Created by Guest
Created on Jul 23, 2018

TLS 1.3 Support for the Domino INET Stack

TLS 1.3 should be added in Domino 11.

There are already recommendations to disable TLS 1.0 and I have seen customers who already disabled TLS 1.0 on their SMTP servers. On the other side there are still unpatched environments which do not support TLS 1.2 today.

In a year from now there are much more servers only supporting current ciphers and TLS 1.2.

Now that TLS 1.3 is finalized and published it makes sense to look into it.

Here is a good write-up about the benefits and some details. It also contains a list of software which already supports TLS 1.3.

https://www.wolfssl.com/docs/tls13/


Daniel Nashed [ https://blog.nashcom.de ]

  • Attach files
  • Guest
    Reply
    |
    Dec 21, 2024

    6 years evaluating if TLS 1.3 is necessary ?

    are we going to wait for TLS 1.4 ?


    please !

  • Guest
    Reply
    |
    Jun 10, 2024

    Did you know Dire Straits' "Money for Nothing (1985)" intro was originally, "I want my [TLS] 1.3"? But the label made them change it to "I want my MTV" and the rest, as they say, was history. I don't remember what year I first voted for this idea. But I still want my, still want my, still want my 1.3! =)

    -Ben Erickson

    Trusted Computer Consulting LLC

  • Guest
    Reply
    |
    Apr 26, 2024

    Had to explain to a customer today that the reason that TLS 1.3 in the monitoring software is "red" is because Domino doesn't support it. TLS 1.3 is from 2018. 6 years since and still not supported is not a good story :-(

    -- Martijn de Jong (e-office)

  • Guest
    Reply
    |
    Mar 23, 2024

    Dont tell me , we are waiting for Voting to cross 10000. I guess this issue does not require voting. This is not just a feature, it is a necessity. Soon , it will become an urgent necessity.

  • Guest
    Reply
    |
    Jan 18, 2024

    This should also be implemented without voting and should be available as a basic function

  • Guest
    Reply
    |
    Oct 10, 2023

    Hello: Currently the security issue is not an option and should not depend on whether we vote for it or not.

    Please HCL tell us in which version TLS 1.3 will be supported?

  • Guest
    Reply
    |
    Apr 21, 2023

    Still no TLS 1.3 ... why?

  • Guest
    Reply
    |
    Nov 2, 2022

    Would be nice to see TLS 1.3 in version 12, now that Domino v11 has come and gone.

  • Guest
    Reply
    |
    Oct 26, 2021

    TLS1.3 and/or HTTP/2 (or even QUIC) makes any HTTP server respond faster (end-to-end).

    This is a cheap low-hanging fruit...


    [ Toni Feric, Belsoft Collaboration ]

  • Guest
    Reply
    |
    Jan 22, 2021

    Fully agree: modern standards should be implemented asap!


    HCL, please stop IBM's low performance.

  • Guest
    Reply
    |
    Sep 18, 2020

    Be ahead this time. We all remember POODLE

  • Guest
    Reply
    |
    Oct 10, 2019

    I wish I could vote for this 11 times. This kind of thing is critical to Domino's image as a secure product.

  • Guest
    Reply
    |
    Dec 12, 2018

    Version 11 is definitely to late. Version 10 or 9 would be good

  • Guest
    Reply
    |
    Dec 11, 2018

     Clients wants to introduce TLS v1.3 protocol and will be using it as the only supported protocol.
    Their dedicated NotesClient on the Archiving Bridge host uses currently the version 901FP8SHF244.
    Their End-user-clients can use any NotesClient version e.g. 901FP10.
    They want 901FPxx-NotesClient to support TLS v1.3(basically client and Domino)

  • Guest
    Reply
    |
    Aug 30, 2018

    This is necessary so that IBM/HCL don’t find themselves in another embarrassing POODLE situation like with SSLv3 (where for years TLS was rejected as being needed as SSLv3 was deemed sufficient by IBM). Domino should be leading the way in security.

  • Guest
    Reply
    |
    Jul 23, 2018

    I agree. Slowness to adopt TLS 1.3 is not good for the image of the product. It would help if it could be seen as on top of such changes.

1 MERGED

Add support for the following TLS 1.2 Ciphers

Merged
Because we have some PCI DSS controls, we need to allow only the ciphers that matches TLS 1.2 and TLS 1.3, but we cannot see the ciphers to configure them in the configuration of Domino Server. TLSv1.3: - 0x13,0x01 TLS13_AES_128_GCM_SHA256 - 0x13,...
3 months ago in Domino / Security 1 Assessment