For over 8 years, there's been post after post, PMR after PMR, IdeaJam idea after idea on upgrade Domino's SSL security in order to keep it current.
(Here's a google search for: Please upgrade Domino SSL )
While they've been very busy apparently doing nothing about this, IBM's also been very quiet about it, although they have acknowledged that IBM's PAYING CUSTOMERS think it's important (see here).
Now, we expect to hear something about how to fix this. SOON. It's not like IBM hasn't had time to prepare.
Give me details!
Bill Malchisky covers the actual vulnerability very well, so I'll send you his way for the techy detail: New SSL3 Exploit: The POODLE Is Here and Lifting Its Leg ( http://planetlotus.org/c4db50 )
Update See the comments for some mitigation options for Domino. UNTIL IBM FIXES THIS.
Craig Wiseman October 15th, 2014 07:50:22 AM