TLS For Domino SMTP

If you already use STARTTLS for secure SMTP sessions on Domino, or are considering enabling it, you have three options: disable it or hold off for now (until SPR# MKENA4SQ7R is resolved in an IF or 9.0.1 FP6), obtain the hotfix(es) directly from IBM, or accept the risk of being unable to deliver or receive over TLS with (at least) some addresses.

If you use (or plan to use) TLS, you should also look at adding the SSL_SESSION_SIZE notes.ini setting. When the setting is absent, the value defaults to 5000, which is too low to prevent errors like:

02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.
02/25/2016 12:23:52 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5121 bytes.

Note that the server suggested the 5121 value in this example (presumably based upon the handshake with the external server) and I’ve been unable, as yet, to find any other scientific method for determining what other value might be better.
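One way to pick a value from warnings like the ones above is to scan the console log for every such message and take the largest size reported. This is an added example, not code from the original post or from IBM; the function names, the headroom parameter and the sample lines marked as constructed are assumptions.

```python
import re
import sys

# Matches the Domino console warning quoted in the post.
OVERSIZE = re.compile(
    r"New SSL session data length of (\d+) bytes is larger than "
    r"the current size of (\d+) bytes"
)

# First two lines are from the post; the rest are constructed sample data.
SAMPLE_LOG = [
    "02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.",
    "02/25/2016 12:23:52 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5121 bytes.",
    "02/25/2016 01:02:10 PM New SSL session data length of 5340 bytes is larger than the current size of 5000 bytes.",
    "02/25/2016 01:02:10 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5340 bytes.",
    "02/25/2016 01:05:00 PM (constructed unrelated console line)",
]


def summarize_session_sizes(lines):
    """Return (largest_needed, current_size, warning_count) for the log lines."""
    largest, current, count = 0, None, 0
    for line in lines:
        m = OVERSIZE.search(line)
        if m is None:
            continue  # the "You may want to set" follow-up is skipped here
        count += 1
        largest = max(largest, int(m.group(1)))
        current = int(m.group(2))  # size in effect at the latest warning
    return largest, current, count


def notes_ini_line(lines, headroom=0):
    """Build a notes.ini line covering the largest session seen, or None.

    headroom is a hypothetical safety margin in bytes; the post only says
    the value must be at least the size the server reported.
    """
    largest, _current, count = summarize_session_sizes(lines)
    if count == 0:
        return None  # no oversize warnings, nothing to change
    return f"SSL_SESSION_SIZE={largest + headroom}"


if __name__ == "__main__":
    # Pass a console log path, or run with no arguments to use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            print(notes_ini_line(fh))
    else:
        print(notes_ini_line(SAMPLE_LOG))
```

The result only reflects handshakes already recorded in the log, so rerun it after the setting has been in place for a while to catch larger sessions from other remote servers.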


GoDaddy SSL Certificate Type Per Server Type

After GoDaddy generates an SSL Certificate, the next step is to download the Zip file that matches your hosting server type. Then install all of the certificates in the Zip file on your hosting server, including any intermediate certificates that might be needed for older browsers or servers. To download this Zip file, click on the “Server Type” dropdown menu. You are presented with the following options:


However, if your server type isn’t listed, it isn’t necessarily obvious which server type to choose. If you know the certificate file type you need, here are the file types each option will provide:

Apache > .crt with .crt bundle

Exchange > .crt with .p7b intermediates

IIS > .crt with .p7b intermediates

Mac OS X > .crt with .crt bundle

Tomcat > .crt with .crt bundle with gdig2.crt

Other > .crt with .crt bundle