22 August 2014 20:41:23"IBM Domino support has received several questions and PMRs recently regarding SHA-2 support within Domino. SHA-2 is currently supported with x.509 certificate for s/mime in the Domino environment.
At this time, the Domino kyr file does not provide native support for SHA-2 certificates for protocols such as LDAPS, HTTPS, DIIOPS, etc.
We are aware that Certificate Authorities are no longer offering SHA1 certs by default, and many browsers will soon depreciate their trust of SHA1.
For HTTP requests (on the Windows server platform), we currently recommend using the IHS proxy server, available starting with Domino 9.0:
*Link to presentation on Implementing TLS support with IBM Domino 9.x and IBM HTTP Server (IHS)
*Link to IHS reference: http://publib.boulder.ibm.com/httpserv/ihsdiag/ssl_questions.html
At this time, the request to provide full native support for SHA-2 is currently under investigation by the Domino Development team:
Enhancement Request Number: ABAI7SASE6
Technote reference: http://www-01.ibm.com/support/docview.wss?uid=swg21418982
APAR reference: http://www-01.ibm.com/support/docview.wss?uid=swg1LO48388
If you also desire this functionality in your environment, we encourage you to open a PMR and add your company to the enhancement request . This alerts our development team to the continued interest for this feature, which is not a guarantee of a solution or fix, just an inclusion to this existing enhancement request for this feature to be considered for a future release."
Please add yourself to the Enhancement Request or participate in the discussion started by Amy Knox (IBM):
Check out the latest Technote:
- Kommentare