Friday, 20 March 2015

IBM Domino and TLS - Part 1 - How To fix your trust & security issues

Recently a customer asked me how he could raise the site rating for his iNotes / webmail server.
The rating for his server in an SSL check from Qualys was T.


iNotes was not accessible even though the Domino server itself had no problems at all.
This problem appeared after several modern browsers updated their security policies. I will try to explain what is causing these problems and how you can solve them:

"This server's certificate is not trusted, see below for details."
This often indicates that you are using self-signed certificates or certificates that were created/signed by an untrusted CA. I would advise you to buy an SSL certificate from a common seller. You can get them for less than $20 a year. You reach ROI as soon as the first user in your company no longer asks you for details about this message.

"This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate."
IBM provided fixpacks for the POODLE exploits and also implemented TLS v1.0 (index for fixpacks).
Yes, only v1.0, even though v1.2 has existed for more than 6 years and already has known vulnerabilities.
You will also have to set the .ini parameter "DISABLE_SSLV3=1".
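To confirm on your own server that the fixpack and "DISABLE_SSLV3=1" took effect, you can offer it an SSLv3-only handshake and see whether it answers with a ServerHello. The following is an added example, not part of the original post; the function names and the offered cipher list are assumptions made for illustration.

```python
import os
import socket
import struct
import sys

SSL3 = b"\x03\x00"  # protocol version 3.0 = SSLv3
# Constructed offer: RSA with AES128-SHA, AES256-SHA, 3DES-SHA, RC4-SHA
CIPHERS = b"\x00\x2f\x00\x35\x00\x0a\x00\x05"

def build_sslv3_client_hello():
    """Return one TLS record holding a ClientHello that offers SSLv3 only."""
    body = SSL3 + os.urandom(32)                      # client_version + random
    body += b"\x00"                                   # empty session id
    body += struct.pack("!H", len(CIPHERS)) + CIPHERS
    body += b"\x01\x00"                               # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16" + SSL3 + struct.pack("!H", len(handshake)) + handshake

def classify_response(data):
    """Interpret the first record the server sends back."""
    if len(data) < 5:
        return "no-serverhello"                       # closed, reset or silent
    ctype = data[0]
    length = struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if ctype == 0x15 and len(payload) >= 2:           # alert record
        return "rejected-alert-%d" % payload[1]       # e.g. 40 = handshake_failure
    if ctype == 0x16 and len(payload) >= 6 and payload[0] == 0x02:
        # ServerHello: type(1) + length(3) + server_version(2)
        if payload[4:6] == SSL3:
            return "accepted"                         # SSLv3 is still enabled
    return "unexpected"

def probe(host, port=443, timeout=5.0):
    """Send the SSLv3 ClientHello to host:port and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_sslv3_client_hello())
        try:
            data = s.recv(4096)
        except OSError:                               # timeout or reset
            data = b""
    return classify_response(data)

if __name__ == "__main__":
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(probe(sys.argv[1], port))
```

A result of "accepted" means the server still negotiates SSLv3; an alert or a closed connection means the SSLv3 offer was refused.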

I will discuss the other problems in my next posts.
I would be happy if you could leave some comments on my first part. Or just share this blog with others ;-)

As security seems to be something that has been left behind over the last years in many companies, I am trying to revive this topic by writing about things that I come into contact with as a junior consultant at an IBM Premier Business Partner company.
