We recently underwent security auditing (from IBM).
We got repeatedly dinged because we allowed some old ciphers.
So we shut them off.
Apparently even the latest version (as of this email) of MaaS 360 requires
the use of some of the obsolete ciphers for at least a few of their
functions.
So on our Traveler servers located out in our DMZ we had to go back into
the notes.ini and turn on
ECDHE_RSA_WITH_AES_256_CBC_SHA
and TLS 1.0
notes.ini
...
# 2016-04-01 R.Berendt
#
https://www-10.lotus.com/ldd/dominowiki.nsf/dx/TLS_Cipher_Configuration
SSLCipherSpec=C030009FC02F009EC028006BC0270067C014
# Security audit black list:
# RSA_WITH_AES_256_GCM_SHA384 (009D)
# RSA_WITH_AES_128_GCM_SHA256 (009C)
# RSA_WITH_AES_256_CBC_SHA256 (003D)
# RSA_WITH_AES_256_CBC_SHA (0035)
# RSA_WITH_AES_128_CBC_SHA256 (003C)
# RSA_WITH_AES_128_CBC_SHA (002F)
# RSA_WITH_3DES_EDE_CBC_SHA (000A)
# RSA_WITH_RC4_128_SHA (0005)
## ECDHE_RSA_WITH_AES_256_CBC_SHA (C014) Temporarily unblacklisted
# DHE_RSA_WITH_AES_256_CBC_SHA (0039)
# ECDHE_RSA_WITH_AES_128_CBC_SHA (C013)
DISABLE_SSLV3=1
# SSL_DISABLE_TLS_10=1
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.