I recently stumbled upon an SSL error after upgrading a development web server from domino 9.0.1 to 10.0.1. The server uses multiple virtual server documents to distinguish certain settings between different hostnames. Following error popped up when accessing the server via HTTPS: Error code: SSL_ERROR_NO_CYPHER_OVERLAP

 

1 SSL error in Firefox

 

After taking a close look into the virtual server documents, it turns out that they most likely forgot to update the mask with the new SSL cipher configuration introduced in Domino 10.0 (contrary to the updated server and internet site documents, where it works like a charm). Setting the 9.0.1 cipher configuration again via notes.ini (SSLCipherSpec) didn’t work, the virtual servers would only offer those very old ciphers shown in the screenshot. No modern browser will accept them.

 

2 Virtual server cipher configuration

 

A quick look into the documentation didn’t help either. The cipher configuration is only described for server and internet site documents.

 

Quick fix to make the boss happy

So, I figured, maybe it works when I just put the values in the appropriate field and see what happens. And indeed, it worked.

So here is the workaround:

@SetField("SSLCipherList";"C030":"9F":"C02F":"9E":"C028":"6B":"C014":"39":"C027":"67":"C013")

Replace the values with your desired ciphers and restart the http task. No warranty though, this workaround is only for testing purposes.

 

Any suggestions or questions? Call us at +49(0)5251-288160 or send an e-mail to info@itwu.de.

Neuigkeiten vom ITWU-Blog

Installation von Domino 10 unter CentOS bricht nach „Initializing wizard“ ab

Wir haben eine gute Neuigkeit für die Linux-Fans unter euch! Mit der Version 10 unterstützt Domino mittlerweile auch offiziell CentOS. Detallierte Infos dazu gibt’s hie...

Aktuelle Interim Fixes und Domino 10.0.1

Es ist schon etwas her, dass die neuen Versionen für Notes Domino und den Traveler-Server released wurden. Endlich kommt jetzt unser Blogpost dazu. Wir informieren euch hier zum einen über die aktuellen Notes und Domino InterimFixes (siehe wei...

SSL cipher configuration for virtual servers broken in Domino 10.x

I recently stumbled upon an SSL error after upgrading a development web server from domino 9.0.1 to 10.0.1. The server uses multiple virtual server documents to distinguish certain settings between different hostnames.