HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status No Plans to Implement
Workspace Domino
Categories Security
Created by Guest
Created on May 10, 2021

RELATED IDEAS

Specify TLS/SSL version used by certain port or protocol.

Some application only uses certain version of TLS/SSL. Due to vulnerabilities we don't want this TLS/SSL version to be available to all ports/protocol. We want an ability to specify which versions of TLS/SSL a port or protocol can and cannot use.

  • Attach files
  • Guest
    Reply
    |     Jan 22, 2022

    Clients always use the highest protocol version and cipher they have in common with the server. The current versions of the protocols don't allow to use a lower cipher than supported.

    If a cipher or protocol version isn't secure, it should not be used on another protocol. The security is always as weak as the weakest link.

    HCL ensures current Ciphers and curves are supported. And older ciphers are marked as weak and are disabled by default.


    I don't see that splitting it between protocols would help.


    [ Daniel Nashed / https://blog.nashcom.de ]

  • Admin
    Thomas Hampel
    Reply
    |     Jan 22, 2022

    Rejecting this idea because the TLS protocol version should be the highest possible across the environment for security reasons.

Copyright © 2023 HCL Technologies Limited