SSL Breaks After Upgrading To Domino 10.0.1

Beginning with Domino 10.0.1, SSL cipher options are configurable in the Security tab of Internet Site documents or in the Ports tab of Server documents (depending on whether you have enabled Internet Site documents). All of the supported SSL ciphers are now listed clearly, in order of strength, for easy selection.

In my experience, when “Load Internet configurations from Server\Internet Sites documents” is disabled, the upgrade enables NO ciphers by default.

In contrast, ALL (non-weak) ciphers are selected post-upgrade for Internet Site Docs.

If you ARE NOT using Internet Site Docs
To review the current settings, go to the Server doc > Ports > Internet Ports > SSL settings and click the “Modify” button in the “SSL ciphers” field.

If you ARE using Internet Site Docs
To review the current settings, go to the Domino Directory, expand Web, and choose “Internet Sites.” Then open the corresponding Internet Site document and go to the “Security” tab. In the SSL Security section, click the “Modify” button in the “SSL ciphers” field.

When the right ciphers aren’t selected, besides HTTPS pages not rendering in browsers, you will also see something like this on the console or in the log:

TLS/SSL connection failed with no supported ciphers

See IBM’s KB article about the new SSL cipher configuration for Domino 10.0.1.

Resolving Missing Images In iNotes Redirect

Anyone using Domino Web Server Configuration (domcfg.nsf) and IBM iNotes Redirector (iwaredir) should take a look at this wiki article.

It provides a solution for surfacing certain default graphics when certain Anonymous access settings are involved.  More importantly, the info can be leveraged as a guide to allow viewing of any custom logo you have configured in iNotes redirect.

For example (with Domino 9), if you have added a custom logo [in the iNotes Redirect configuration] with the file name, “redstapler.gif,” you need to add redstapler.gif as an image resource (via Domino Designer) to your Redirector database. Be sure to enable the “Available to Public Access Users” Security property for the image.

Then, append the image name (including the corresponding database name you chose for your iNotes Redirect database) to a new INI entry:

HTTPPublicUrls=/iwaredir.nsf/IBMLogo.gif:/iwaredir.nsf/StylesheetLogin:/iwaredir.nsf/Login.js:/iwaredir.nsf/redstapler.gif

You must restart DOMINO, not just HTTP, to implement the HTTPPublicUrls INI setting.
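
Because every entry in HTTPPublicUrls is served to public (anonymous) users, it is worth checking that the list names only individual resources in the redirect database before restarting. The following is an added example, not code from this post or from IBM; the function names, the treatment of `*` as a wildcard, and the case-insensitive comparison are assumptions, and the sample INI text is constructed around the value shown above.

```python
# Constructed notes.ini fragment; the HTTPPublicUrls value is the one from the post.
SAMPLE_INI = """\
[Notes]
HTTPPublicUrls=/iwaredir.nsf/IBMLogo.gif:/iwaredir.nsf/StylesheetLogin:/iwaredir.nsf/Login.js:/iwaredir.nsf/redstapler.gif
"""

def public_urls(ini_text):
    """Return the colon-separated entries of every HTTPPublicUrls line."""
    entries = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        # Assumption: the INI key is matched without regard to case.
        if sep and key.strip().lower() == "httppublicurls":
            entries += [e.strip() for e in value.split(":") if e.strip()]
    return entries

def audit(ini_text, redirect_db="iwaredir.nsf"):
    """Return (entry, problem) pairs for entries broader than one redirector resource.

    redirect_db is the database name you chose for iNotes Redirect.
    """
    prefix = "/" + redirect_db.lower() + "/"
    findings, seen = [], set()
    for entry in public_urls(ini_text):
        low = entry.lower()  # assumption: URL paths compare case-insensitively
        if low in seen:
            findings.append((entry, "duplicate"))
            continue
        seen.add(low)
        if not low.startswith("/"):
            findings.append((entry, "no leading slash"))
            continue
        if "*" in low:  # assumption: '*' acts as a wildcard and widens exposure
            findings.append((entry, "wildcard"))
        if low.rstrip("/").endswith(".nsf"):
            findings.append((entry, "whole database"))
        if not (low + "/").startswith(prefix):
            findings.append((entry, "outside redirect database"))
    return findings

if __name__ == "__main__":
    for entry, problem in audit(SAMPLE_INI):
        print(f"{entry}: {problem}")
    print(f"{len(public_urls(SAMPLE_INI))} public URLs checked")
```

An empty result means each entry points at a single resource inside the redirect database; anything reported should be narrowed to a specific file before the server is restarted.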