TLS For Domino SMTP

Those that are already using or considering enabling secure SMTP sessions using STARTTLS for Domino should either disable it / wait for now (until SPR# MKENA4SQ7R is resolved in an IF or 9.0.1 FP6), obtain hotfix(es) directly from IBM, or risk the inability to deliver/receive TLS with (at least) some @outlook.com addresses.

For those using (or planning to use) TLS, you should also look at adding the SSL_SESSION_SIZE notes.ini setting. When the setting is not used, the value defaults to 5000 and this is too low to prevent errors like:

02/25/2016 12:23:52 PM New SSL session data length of 5121 bytes is larger than the current size of 5000 bytes.
02/25/2016 12:23:52 PM You may want to set the Notes.ini variable SSL_SESSION_SIZE to at least 5121 bytes.

Note that the server suggested the 5121 value in this example (presumably based upon the handshake with the external server) and I’ve been unable, as yet, to find any other scientific method for determining what other value might be better.

Advertisements