New SSL cipher configuration

The SSL cipher options in the Security tab of Internet Site documents or in the Ports tab of Server documents now clearly list all of the supported SSL ciphers, in order of strength, for easy selection.
SSL Cipher Settings options
Note: Be aware of the following security considerations after upgrading to Domino 10.0.1:
  • Carefully evaluate cipher settings in Server documents and Internet Site documents after upgrading to Domino 10.0.1.
  • You may currently use the SSLCipherSpec server notes.ini setting to specify cipher settings on Domino 9.0.1 servers. In this case, after upgrading to Domino 10.0.1, the value in SSLCipherSpec is selected automatically in the Server documents or Internet Site documents of Domino 10.0.1 servers. After the upgrade, the notes.ini setting on servers is ignored.
  • Note that the RSA_WITH_3DES_EDE_CBC_SHA cipher is categorized as a weak cipher as of Domino 10. This is a change from Domino 9.0.1.