#dominoforever | Product Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

TLS 1.3 Support for the Domino INET Stack

TLS 1.3 should be added in Domino 11.

There are already recommendations to disable TLS 1.0 and I have seen customers who already disabled TLS 1.0 on their SMTP servers. On the other side there are still unpatched environments which do not support TLS 1.2 today.

In a year from now there are much more servers only supporting current ciphers and TLS 1.2.

Now that TLS 1.3 is finalized and published it makes sense to look into it.

Here is a good write-up about the benefits and some details. It also contains a list of software which already supports TLS 1.3.




Daniel Nashed  [ https://blog.nashcom.de ]


  • Guest
  • Jul 23 2018
  • Assessment
  • Attach files
  • Guest commented
    26 Oct, 2021 10:18pm

    TLS1.3 and/or HTTP/2 (or even QUIC) makes any HTTP server respond faster (end-to-end).

    This is a cheap low-hanging fruit...

    [ Toni Feric, Belsoft Collaboration ]

  • Guest commented
    22 Jan, 2021 10:12am

    Fully agree: modern standards should be implemented asap!

    HCL, please stop IBM's low performance.

  • Guest commented
    18 Sep, 2020 08:05am

    Be ahead this time. We all remember POODLE

  • Guest commented
    10 Oct, 2019 04:44pm

    I wish I could vote for this 11 times. This kind of thing is critical to Domino's image as a secure product.

  • Guest commented
    12 Dec, 2018 02:01pm

    Version 11 is definitely to late. Version 10 or 9 would be good

  • Guest commented
    11 Dec, 2018 02:51pm

     Clients wants to introduce TLS v1.3 protocol and will be using it as the only supported protocol.
    Their dedicated NotesClient on the Archiving Bridge host uses currently the version 901FP8SHF244.
    Their End-user-clients can use any NotesClient version e.g. 901FP10.
    They want 901FPxx-NotesClient to support TLS v1.3(basically client and Domino)

  • Guest commented
    30 Aug, 2018 05:50am

    This is necessary so that IBM/HCL don’t find themselves in another embarrassing POODLE situation like with SSLv3 (where for years TLS was rejected as being needed as SSLv3 was deemed sufficient by IBM). Domino should be leading the way in security.

  • Guest commented
    23 Jul, 2018 05:10pm

    I agree. Slowness to adopt TLS 1.3 is not good for the image of the product. It would help if it could be seen as on top of such changes.