Rss Feed
Print

If you run a security scan (e.g. Nessus) against a Domino HTTP / SMTP Server you might get the following result:

Hostname: "Domino1" (xxx.xxx.xxx.xxx)
Plugin name: "SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability"
Severity: Medium
Risk factor: Medium

Fixing this "issue" is quite easy:

The solution for that is to prevent SSL connections from renegotiating. This must be done via the notes.ini key SSL_DISABLE_RENEGOTIATE=1. After this is set you need to restart the domino server.

 

Cross Reference:

Transport Layer Security (TLS) Renegotiation Indication Extension

Leave your comments

Post comment as a guest

0
terms and condition.

Comments

  • No comments found