Re: CERT Advisory: #144389 Return of Bleichenbacher's Oracle Threat (ROBOT)

Hi Rob:

We updated the cipher specs (via the notes.ini) and now pass the test for
Bleichenbacher's Oracle Threat (ROBOT)
for both traveler and domino

SSLCipherSpec=C030009FC02F009EC028006BC0270067


This fixes domino but now we have to handle the IBMi apache servers as
well.

Jim


Jim W Grant
Senior VP, Chief Information Officer
Web: www.pdpgroupinc.com




From: "Rob Berendt" <rob@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Date: 01/02/2018 03:06 PM
Subject: Re: CERT Advisory: #144389 Return of
Bleichenbacher's Oracle Threat (ROBOT)
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



Previous audits have blacklisted some
SSLCipherSpec=C030009FC02F009EC028006BC0270067
# Security audit black list:
# RSA_WITH_AES_256_GCM_SHA384 (009D)
# RSA_WITH_AES_128_GCM_SHA256 (009C)
# RSA_WITH_AES_256_CBC_SHA256 (003D)
# RSA_WITH_AES_256_CBC_SHA (0035)
# RSA_WITH_AES_128_CBC_SHA256 (003C)
# RSA_WITH_AES_128_CBC_SHA (002F)
# RSA_WITH_3DES_EDE_CBC_SHA (000A)
# RSA_WITH_RC4_128_SHA (0005)
# ECDHE_RSA_WITH_AES_256_CBC_SHA (C014)
# DHE_RSA_WITH_AES_256_CBC_SHA (0039)
# ECDHE_RSA_WITH_AES_128_CBC_SHA (C013)
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration


Rob Berendt