Home
What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
What's new in 12.0.1?
HCL Domino 12.0.1 introduces the following new features.
Enhancements related to security features
HCL Domino 12.0.1 provides the following enhancements related to security features.
New algorithms for importing and exporting S/MIME and TLS credentials
Domino 12.0.1 adds more flexibility and security by supporting new algorithms for the PKCS#12 and PEM functionality used for importing and exporting S/MIME and TLS credentials.

What's new in Domino 12?
Learn about all of the new features for administrators in HCL Domino® 12.
- What's new in 12.0.1?
  HCL Domino 12.0.1 introduces the following new features.
  - Enhancements related to security features
    HCL Domino 12.0.1 provides the following enhancements related to security features.
    - ID files in mail files no longer used for vaulted iNotes and Verse users
      In this release, if an iNotes or Verse user has an ID file in the vault, the vaulted ID is always used for secure mail operations.
    - Certificate Manager enhancements
      Certificate Manager (CertMgr) includes the following enhancements for HCL Domino 12.0.1.
    - TOTP enhancements
      The following TOTP enhancements are provided in Domino 12.0.1
    - New algorithms for importing and exporting S/MIME and TLS credentials
      Domino 12.0.1 adds more flexibility and security by supporting new algorithms for the PKCS#12 and PEM functionality used for importing and exporting S/MIME and TLS credentials.
    - Use Notes Shared Login to secure server ID files
      The Notes Shared Login (NSL) functionality has been extended to securing server ID files.
    - More secure internet passwords supported when logging on to Domino Java console
      Administrators whose Internet passwords have the secure Internet password option Yes - Password verification compatible with Notes/Domino release 8.0.1 set can now log on to the Domino Java Console. Previously, this level of Internet password security was not supported for the Java console.
    - New qvault command option to update user data
      A new qvault command option, -p, allows you to update user data in the ID vault.
  - One-touch setup enhancements
    HCL Domino 12.0.1 includes Domino one-touch setup enhancements.
  - Silent installs supported for cascaded MUI pack
    Silent installs are supported for the cascaded Multilingual User Interface (MUI) pack introduced in V12.0
  - Beta version of 64-bit Windows clients
    A beta version of a 64-bit Domino Designer client, Administrator client, and Notes standard client for Windows (English-only) is provided through a separate installer.
  - Improved name lookup to find Active Directory users
    When Domino users want to add the names of Active Directory users or groups to Domino groups, database ACLs, or email messages, Active Directory can now be one of the directories that is available for them to search.
  - Auto-processing of rename requests
    A new features allows you to configure the Administration Process to automatically process rename requests for users who have Notes IDs in the vault. This feature avoids the need for a user to authenticate with a Domino server from the Notes client to kick off rename processing.
  - Entitlement tracking enhancements
    HCL Domino 12.0.1 provides the following enhancements to the Entitlement tracking feature.
  - Mail routing between Domino and domains with Internationalized Domain Names (IDNs)
    Domino mail users can now communicate with non-Domino mail users who use internationalized domain names (IDNs) in their email addresses.
  - DKIM signing for messages routed to external Internet domains
  - Hide folders in the Files tab of the Domino Administrator
    A new server notes.ini setting allows you to prevent specified folders in the Domino data directory from loading in the Files tab of the Domino Administrator.
  - Backup and restore enhancements
    V12.0.1 provides the following enhancements for backup and restore functionality.
  - New Updall options
    New Updall options are available.
  - Compact enhancement
    When you use the compact command with -c, -X, and -restart options, a file called <database>.restart is created when the time limit specified by -X is reached.
  - New Notes client notes.ini settings
    Use notes.ini settings to customize the following aspects of the Notes 12.0.1 client.
  - notes.ini setting recommendation for Windows Server 2022
    Windows Server 2022 is supported as of HCL Domino 12.0.1. If high-traffic mail or applications servers on this platform exhibit performance issues (high system CPU usage or hangs), to improve performance, use the notes.ini setting OS_DISABLE_CACHESET=1. This setting disables manipulation of the Microsoft File System Cache.
  - .ind file enhancements
    HCL Domino 12.0.1 provides .ind files enhancements.
  - R4.6 and R5 sections removed from Domino directory
    Sections of the Domino directory that pertained only to Domino R4.6 or R5 are removed in HCL Domino 12.0.1.
  - New Java Runtime Environment (12.0.1)
    A new Java Runtime Environment (JRE) is provided with HCL Domino 12.0.1 and HCL Domino Designer 12.0.1.
- What's new in 12.0?
  HCL Domino 12.0 introduces the following new features.
- Components no longer included in this release
  The following components are no longer included.

New algorithms for importing and exporting S/MIME and TLS credentials

Domino 12.0.1 adds more flexibility and security by supporting new algorithms for the PKCS#12 and PEM functionality used for importing and exporting S/MIME and TLS credentials.

This enhancement applies to the new 12.0.1 TLS import and export features Upgrading TLS credentials and Exporting credentials to a file. It also applies to the PKCS#12 functionality for existing import and export features such as Exporting and importing Internet certificates.

Importing credentials Importing credentials from an encrypted PEM or PKCS#12 file now supports AES-CBC with 128, 192, and 256 bit keys and a SHA-2 PRF (hmacWithSHA256, hmacWithSHA384, and hmacWithSHA512). The older 3DES-CBC and SHA-1 (hmacWithSHA1) algorithms are still supported for backward compatibility.

Exporting credentials Exporting credentials to a PEM or PKCS#12 file uses PBES2 with 256 bit AES, 4096 iterations, and HMAC-SHA2, in accordance with current best practices.

If you need to export PKCS#12 formatted credentials for use with an older version of Notes or Domino or a different product that does not support PKCS#12 files that are encrypted with AES, use the following notes.ini setting:

PKCS12_EXPORT_LEGACY=1

This setting downgrades all of the PKCS#12 files exported to use SHA-1 and 3DES instead of SHA-2 and AES-256. An example of a product that does not currently support PKCS#12 files encrypted with AES is HCL Sametime V11. Use this setting on the client or server that you use to do the export. If you export from a Person document, certstore.nsf, or the Notes client, add the setting to the Notes client. If you export using server console commands, add the setting to the server.