fighting for truth, justice, and a kick-butt lotus notes experience.

If you want SHA-2 Support for Domino HTTP add yourself to Enhancement Request ABAI7SASE6

 August 22 2014 06:41:23 PM
"IBM Domino support has received several questions and PMRs recently regarding SHA-2 support within Domino. SHA-2 is currently supported with x.509 certificate for s/mime in the Domino environment.
At this time, the Domino kyr file does not provide native support for SHA-2 certificates for protocols such as LDAPS, HTTPS, DIIOPS, etc.

We are aware that Certificate Authorities are no longer offering SHA1 certs by default, and many browsers will soon depreciate their trust of SHA1.

For HTTP requests (on the Windows server platform), we currently recommend using the IHS proxy server, available starting with Domino 9.0:

*Link to presentation on Implementing TLS support with IBM Domino 9.x and IBM HTTP Server (IHS)
*Link to IHS reference: http://publib.boulder.ibm.com/httpserv/ihsdiag/ssl_questions.html


At this time, the request to provide full native support for SHA-2 is currently under investigation by the Domino Development team:

Enhancement Request Number: ABAI7SASE6

Technote reference: http://www-01.ibm.com/support/docview.wss?uid=swg21418982  
APAR reference: http://www-01.ibm.com/support/docview.wss?uid=swg1LO48388  

If you also desire this functionality in your environment, we encourage you to open a PMR and add your company to the enhancement request . This alerts our development team to the continued interest for this feature, which is not a guarantee of a solution or fix, just an inclusion to this existing enhancement request for this feature to be considered for a future release
."

Please add yourself to the Enhancement Request or participate in the discussion started by Amy Knox (IBM):

http://www-10.lotus.com/ldd/ndseforum.nsf/xpTopicThread.xsp?documentId=0BBA1D75D92075FC85257D3B006FABB8

Update 21.10.2014:

Check out the latest Technote:
http://www-01.ibm.com/support/docview.wss?uid=swg21418982


Archive