Information
SSLv3 contains a vulnerability called the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, which is a man-in-the-middle attack affecting any application that connects to a server via SSLv3. To address the vulnerabilities introduced by the POODLE attack, in Secure Mail, SSLv3 connections will be disabled by default. Secure Mail will always use TLSv1 to connect to the server.
Impact to IBM Notes environments still using SSLv3 connections:
After the upgrade to Secure Mail, you will not be able to connect to the Traveler server if the Notes Traveler server is configured to use SSLv3. There are two ways to resolve this issue:- The recommended solution is to use TLSv1 on the Notes Traveler server. IBM has released a patch in November of last year to prevent the use of SSLv3 in Notes Traveler secure server-to-server communication. This patch has been included as interim fix updates for the following Notes Traveler server versions: 9.0.1 IF7, 9.0.0.1 IF8 and 8.5.3 Upgrade Pack 2 IF8 (and will be included in all future releases). More details on the patch can be foundhere.
- 如果SSLv3连接必须使用的N次方otes Traveler server, this can be changed via a policy on the App Controller: specify “tlsv10_sslv3” for the Secure Mail policy “Connection security level” while uploading the Secure Mail application.