Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Specify TLS/SSL version used by certain port or protocol.

Some application only uses certain version of TLS/SSL. Due to vulnerabilities we don't want this TLS/SSL version to be available to all ports/protocol. We want an ability to specify which versions of TLS/SSL a port or protocol can and cannot use.

  • Attach files
      Drop here to upload
    • Guest
      Reply
      |
      Jan 22, 2022

      Clients always use the highest protocol version and cipher they have in common with the server. The current versions of the protocols don't allow to use a lower cipher than supported.

      If a cipher or protocol version isn't secure, it should not be used on another protocol. The security is always as weak as the weakest link.

      HCL ensures current Ciphers and curves are supported. And older ciphers are marked as weak and are disabled by default.


      I don't see that splitting it between protocols would help.


      [ Daniel Nashed / https://blog.nashcom.de ]

    • Admin
      Thomas Hampel
      Reply
      |
      Jan 22, 2022

      Rejecting this idea because the TLS protocol version should be the highest possible across the environment for security reasons.