IdeaJam(tm) : Include Transport Layer Security (TLS) support in the Domino server

Domino Server / Security: Include Transport Layer Security (TLS) support in the Domino server

Mon, 09 Mar 2009 21:17:32 +0000

Author: Paul Calhoun
Tags: ssl tls security
Idea:

Currently there is no version of Notes/Domino that supports connecting to a site/web service that only supports Transport Layer Security (TLS) also know as SSL version 3.1.

As more and more sites are implementing TLS (and some are implementing them exclusivly) it keeps domino developers from being able to architect a solution to connect to and retrieve data from those sites.

Adding TLS support will enable the continuation of Domino based solutions in this space.

re: Include Transport Layer Security (TLS) support in the Domino server

Tue, 10 Mar 2009 02:58:17 +0000

Author: Mark Demicoli
Comment: It seems a natural progression. I'd be interested to learn how a Domino web app would differ (if at all) with HTTP running ontop of TLS, as opposed to what we do currently with SSL (my TLS knowledge is very limited). Also could you give an example of a site/web service that only supports TLS?

re: Include Transport Layer Security (TLS) support in the Domino server

Tue, 10 Mar 2009 14:55:46 +0000

Author: Paul Calhoun
Comment: I can't give the specific web site as I'm under NDA, but in researching this I have found several web sites that are exclusively supporting TLS.

Most are government based web sites.

Given all the work IBM does with government sites, I'm surprised they have not already implemented this.

re: Include Transport Layer Security (TLS) support in the Domino server

Thu, 12 Mar 2009 15:38:43 +0000

Author: Don Munie
Comment: I must admit that my knowledge of TLS is also limited. We are currently using TLS with Domino for SMTP traffic. I am not familiar with TLS over other HTTP. What is the difference between it and SSL? Don't they use the same key structure?

re: Include Transport Layer Security (TLS) support in the Domino server

Thu, 15 Oct 2009 03:11:03 +0000

Author: Bruce Lill
Comment: I set it up for smtp on domino servers and thought it was the same as ssl for web sites. What is the difference?

re: Include Transport Layer Security (TLS) support in the Domino server

Sun, 20 Jun 2010 14:47:52 +0000

Author: Michelle Snow
Comment: In order for a Web site to be FIPS 140-2 compliant (a government requirement) it must use TLS. Without this functionality, a large portion of the government market will be closed off from being able to use Domino.

re: Include Transport Layer Security (TLS) support in the Domino server

Wed, 23 Feb 2011 06:26:54 +0000

Author: Sean Burgess
Comment: With more gov't sites requiring HTTPS, Domino is going to be shut out as a development platform for any site using an FDCC machine. I have run into this in the real world and have lost bids for work because of it.

re: Include Transport Layer Security (TLS) support in the Domino server

Tue, 20 Sep 2011 23:14:39 +0000

Author: Michelle Snow
Comment: Just got done with my 3-year update audit for FISMA certification purposes. Once again this is an issue. Is IBM seriously giving up on the federal government market for Domino?

re: Include Transport Layer Security (TLS) support in the Domino server

Thu, 22 Sep 2011 09:02:46 +0000

Author: Lars Berntrop-Bos
Comment: SSL/TLS1.0 have been made insecure, IBM NEEDS TO UPDATE (emphasis intended)

Documenting the NEED:
Link to slashdot documenting the insecurity of SSL up to and including TLS 1.0 { Link }