HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Add a new idea Subscribe
Status Assessment
Workspace Domino
Categories Security
Created by Guest
Created on Sep 9, 2024

RELATED IDEAS

Merged idea
This idea has been merged into another idea. To comment or vote on this idea, please visit DOMINO-I-124 TLS 1.3 Support for the Domino INET Stack.

Add support for the following TLS 1.2 Ciphers Merged

Because we have some PCI DSS controls, we need to allow only the ciphers that matches TLS 1.2 and TLS 1.3, but we cannot see the ciphers to configure them in the configuration of Domino Server.


TLSv1.3:

- 0x13,0x01 TLS13_AES_128_GCM_SHA256

- 0x13,0x02 TLS13_AES_256_GCM_SHA384

- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:

- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256

- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384

- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305

- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

- 0xCC,0xAA DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

I would be helpful if we have an option to enable some oher ciphers that are no specified in the names.nsf by default.

  • Admin
    Thomas Hampel
    Reply
    |     Sep 10, 2024

    I'm going to merge this idea with another idea requesting TLS 1.3

    However, we support the first two TLS 1.2 ciphers currently when using ECDSA keys - they just don’t show up in the selection dialog because we do not allow admins to de-select them. 

Copyright © 2023 HCL Technologies Limited