SSLDisableExportCipher Error Message on Domino6 Console

Tripp W Black on 03/29/2003 at 01:57 AM


Category: Domino Server Issues Troubleshooting
Authentication

Here is the statement from Lotus Support:

Development: Not A Bug

General Comments: These console messages are produced as a result of changes which we had to make to SSL to make it more standards compliant.
Disabling weak ciphers is the right thing to do when the server key is strong...
Using export-grade ciphers with an RSA server key stronger than 512-bits is explicitly prohibited in the SSL v3 and TLS specifications. Starting in 6.0, the Domino SSL server will refuse to use an EXPORT cipher with a server key larger than 512 bits or an EXPORT1024 cipher with a server key larger than 1024 bits.
They can try disabling the SSL Cipher settings (for HTTP only) for anything lower than 128 in the server document, and this might reduce the messages they see when a user connects via the browser. This actually prevented me from the seeing the console message that I had been previously seeing. However, the intial console message will still come up when the server starts.


How to disable "...RSA_EXPORT_WITH_RC4_40_MD5" - step by step:
- open the server document
- Ports
- Internet Ports
- Web
- SSL-Security
- Modify
- disable "RC4 encryption with 40-bit key and MD5 MAC"
- enable "No encryption with MD5 MAC"


previous page