Domino 10.0.1 was released on Monday to great fanfare, with lots of shiny new toys to play with such as panagenda’s excellent MarvelClient Essentials client management tool baked in, and the ‘official’ launch of the AppDev Pack with Node.js support.
These were the biggest headline grabbers, but a hidden nugget I’ve just discovered will make my life so much easier when wearing my Domino admin hat – selectable SSL ciphers in the Administrator client!
I know this doesn’t sound very sexy, but bear with me on this. As we all know, on the whole Domino is incredibly secure; however, one of the areas which has been caught napping was poor cipher support in its HTTPS server. Part of the solution was to restrict the ciphers used for establishing SSL connections to only the strong ones that cannot be exploited.
However, this can only be done by adding a notes.ini setting – SSLCipherSpec – along with a frankly cryptic sequence of hexadecimal numbers that defined which ciphers you wanted to enable. To figure out which ones were in play always required breaking apart the string, followed by a Google of Domino’s cipher hex codes. Hardly user friendly.
Well, now with the arrival of Domino 10.0.1, we can finally select and view enabled ciphers using a simple pop-up! This can be opened in the Security tab of the Internet Site document if they’re being used, or in the Ports tab of the Server document.
This is only part of the security story when it comes to Domino though. We have extensive experience in Domino SSL configuration and server hardening – please get in contact if you’d like a security review or general chat about how we could improve your current systems.