While my brothers and sisters are heading off to Florida for IBM Connect 2016 (tickets still available), some of us have to stay home and keep things running…
It looks like IBM released IBM Domino 9.0.1 Fix Pack 5 Interim Fix 1 to fix an issue with MD5. There’s a vulnerability called ‘SLOTH’ in TLS 1.2 that affects Domino. Read more about the vulnerability by going here:
Security Bulletin: Vulnerability in MD5 Signature and Hash Algorithm affects IBM Domino (CVE-2015-7575)
You can get the fix and all of your other fixes by going here:
Interim Fixes and JVM patches for 9.0.1.x versions of IBM Notes, Domino, iNotes and Notes Browser Plug-in
IMPORTANT: Make sure you test this thoroughly to make sure it does not cause any compatibility issues. (The fix disables the MD5 signature hash by default.)
I’m being cautiously optimistic on this! Thank you IBM for finally addressing one of the many elephants in the room!
How is IBM Domino impacted by the POODLE attack? (IBM Technote 1687167)
Planned SHA-2 deliveries for IBM Domino 9.x (IBM Technote 1418982)
Notice that the second technote indicates that support for SHA-2 will be for Domino 9.x only. There are plenty of posts out there about ways to get around this… off the top of my head, my friend Darren Duke posted one here: Here is a freely available VM to reverse proxy Domino – shoot the poodle
And now… WE WAIT!
Go read Darren Duke’s ‘Call to Arms’ about getting IBM to listen to those of us that want/need SHA-2 support in the native HTTP stack:
So Domino and SHA2…..There’s a SPR for that
Now that you’ve read it… ACT! He tells you how, and even provides easy links to get you going.
Thanks Darren for leading this charge! Sometimes #ItsDarrensFault is a good thing…