.

HCLSoftware Business Partner
Domino Consulting Services
CRUCIAL Notes Tools
+1 212-599-2048

Domino Consulting Services
CRUCIAL Notes Tools
Domino administration
Notes development

Facebook Twitter YouTube
Chat now       
.
ProductsDownloadsNewsAbout usContact


Need a Domino Consultant? Call NotesMail +1 212-599-2048 - HCLSoftware Business Partner

WHAT'S NEW IN DOMINO 12?


Two new curves supported for TLS 1.2 ciphers that use ECDHE for forward secrecy
The TLS 1.2 ciphers that use Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) for forward secrecy now support two new curves for forward secrecy: X25519 and X448.

These curves are in addition to the curves introduced with the ECDHE ciphers in 9.0.1 FPx: NIST P-256, NIST P-384, and NIST P-521. X25519 and X448 offer better performance and space efficiency than the equivalent NIST Prime curves and are simpler to implement in an error-free fashion. The https://en.wikipedia.org/wiki/Curve25519 summarizes many of the reasons to prioritize use of these new curves.

The elliptic curve used for forward secrecy is negotiated dynamically as part of the TLS handshake: the client sends its list of supported curves in preference order, and the server picks one that both sides support. Domino's new ordered preference for ECDHE is:

1. X25519

2. NIST P-256

3. X448

4. NIST P-384

5. NIST P-521

Each of these curves can be disabled with a corresponding notes.ini:


Parent topic: New security features and enhancements