SSL cipher details

This topic provides more information about the use of ciphers.

  • Ciphers that provide Forward Secrecy are prioritized over ciphers that do not per current OWASP recommendations.
  • ECDHE ciphers are prioritized over the equivalent DHE ciphers to improve performance
  • AES128-GCM ciphers are preferred over the equivalent AES256-CBC ciphers per current OWASP recommendations.
  • We recommend against enabling any of the weaker ciphers. If you do nevertheless, you must also enable the USE_WEAK_SSL_CIPHERS=1 notes.ini parameter.
  • We strongly recommend against using RC4 ciphers in order to protect against the "RC4 Bar Mitzvah" attack. Even if RC4-SHA (0005) is enabled, Domino will only negotiate that cipher if all of the higher-priority ciphers are not supported by the connecting client.

Forward secrecy

The DHE and ECDHE ciphers use Finite Field and Elliptic Curve Ephemeral Diffie-Hellman to provide Perfect Forward Secrecy (PFS), which protect against an attacker capable of passively recording all of the network traffic flowing into a server from later acquiring the server's private key and decrypting all of that recorded traffic. These ciphers significantly increase the security of your SSL/TLS traffic, at the cost of a potentially significant performance impact.

ECDHE Curves

NIST P-256, NIST P-384, and NIST P-521 are supported. The fastest (smallest) mutually supported curve will be chosen by the Domino server as per standard practice. Individual curves can be disabled via SSL_DISABLE_CURVE_P256=1, SSL_DISABLE_CURVE_P384=1, and SSL_DISABLE_CURVE_P521=1. We recommend disabling all ECDHE ciphers if all curves are disabled to improve performance.

DHE Groups

The minimum size for well-known DH groups was increased to 2048 bits as of Domino 9.0.1 FP4 IF2 to better protect against the Logjam attack, except for DHE_RSA_WITH_AES_128_CBC_SHA which will always use a 1024 bit group for compatibility with Java 6. That cipher is among the list of weak ciphers.

Custom DH groups are supported via the SSL_DH_PARAMS notes.ini setting. Setting it to a PEM-encoded DH Parameters file will cause Domino to use that custom group instead of a standard group. 1024 bit custom groups are allowed, but we recommend regenerating 1024 bit custom groups on a regular basis.
Sample 1024 bit DH parameters: