Category Archives: Security

IBM Domino 9.0.1 Fix Pack 5 Interim Fix 1 released to fix MD5 SLOTH vulnerability on TLS 1.2

While my brothers and sisters are heading off to Florida for IBM Connect 2016 (tickets still available), some of us have to stay home and keep things running…

It looks like IBM released IBM Domino 9.0.1 Fix Pack 5 Interim Fix 1 to fix an issue with MD5. There’s a vulnerability called ‘SLOTH’ in TLS 1.2 that affects Domino. Read more about the vulnerability by going here:

Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Domino (CVE-2015-7575)

You can get the fix and all of your other fixes by going here:

Interim Fixes and JVM patches for 9.0.1.x versions of IBM Notes, Domino, iNotes and Notes Browser Plug-in

IMPORTANT: Test this thoroughly to make sure it does not cause any compatibility issues. (The fix disables the MD5 signature hash by default.)

Domino getting support for POODLE and SHA2

I’m being cautiously optimistic on this! Thank you IBM for finally addressing one of the many elephants in the room!

How is IBM Domino impacted by the POODLE attack? (IBM Technote 1687167)

Planned SHA-2 deliveries for IBM Domino 9.x (IBM Technote 1418982)

Notice that the second technote indicates that support for SHA-2 will be for Domino 9.x only. There are plenty of posts out there about ways to get around this… off the top of my head, my friend Darren Duke posted one here: Here is a freely available VM to reverse proxy Domino – shoot the poodle

And now… WE WAIT!

Help tip the scales so IBM will support SHA-2 in the native HTTP stack

Go read Darren Duke’s ‘Call to Arms’ about getting IBM to listen to those of us that want/need SHA-2 support in the native HTTP stack:

So Domino and SHA2…..There’s a SPR for that

Now that you’ve read it… ACT! He tells you how, and even provides easy links to get you going.

Thanks Darren for leading this charge! Sometimes #ItsDarrensFault is a good thing…