Home
What's new in Domino 14?
Learn about all of the new features for administrators in HCL Domino® 14.
What's New in 14.0?
HCL Domino 14.0 introduces the following new features and enhancements.
Enhancements related to security features
HCL Domino 14.0 provides the following enhancements related to security features.
Document and email encryption capabilities
HCL Domino 14.0 provides the following person document/email encryption capabilities.

What's new in Domino 14?
Learn about all of the new features for administrators in HCL Domino® 14.
- What's new in 14.0 Fixpack 1?
- What's New in 14.0?
  HCL Domino 14.0 introduces the following new features and enhancements.
  - Enhancements related to security features
    HCL Domino 14.0 provides the following enhancements related to security features.
    - Updated default TLS ciphers
      Domino 14 has updated the default TLS ciphers to include only ciphers with PFS, AEAD, and SHA-2 according to current security best practices.
    - Security policy for ID file encryption
      In Domino 14.0, you can set a policy to upgrade the algorithm used to encrypt the ID file to AES-128 with SHA-256, or AES-256 with SHA-512, when changing the password.
    - Global OpenID Connect (OIDC) enhancements
      In Domino 14.0, the per-process JWK Cache and JWKCacheMgrThread from 12.0.2 have been combined into a global, cross-process OIDC provider cache.
    - Web user login with OIDC enhancements
      HCL Domino 14.0 provides the following web user login with OIDC enhancements.
    - HTTP Bearer authentication replacements
      HCL Domino 14.0 provides the following HTTP Bearer authentication replacements.
    - Enhanced OpenID Connect 1.0 (OIDC) provider support
      Domino 14.0 improves our support for Microsoft's less-than-standard OIDC providers.
    - SHA256 support for Internet password in Domino directory
      With Domino 14.0, users' password hashes will now be updated to SHA256 when they change their Internet passwords in the Person Document.
    - New Passkey authentication
      HCL Domino 14.0 introduces authentication with passkey via the WebAuthn/FIDO2 protocol.
    - Third-party access token validation
      There is a new API that is exposed in the SDK for 14.0. This would be usable from any server process, and would leverage the trusted OIDC providers configured in idpcat.nsf to validate access tokens.
    - Document and email encryption capabilities
      HCL Domino 14.0 provides the following person document/email encryption capabilities.
    - Cluster-safe, sprayable, single-server session cookies (DomAuthSessId)
      When enabled by setting the new notes.ini DominoSessionCookieUniqueNames=1 the name of the DomAuthSessId cookie becomes DomAuthSessIdABCDEFGHIJK, where ABCDEFGHIJK is the first 11 characters of Base64url [SHA256 (Domino server DN)]. This causes multiple Domino servers that are all serving the same internet site to choose unique cookie names instead of overwriting each other's cookies.
    - New version of OpenSSL
      HCL Domino provides a new OpenSSL version.
    - ID file login prevention
      Notes 14.0 provides the following enhancement for Notes Federated Login.
  - New AdminCentral app
    The AdminCentral application (admincentral.nsf) is automatically created by adminP on the Domino administration server. You can open AdminCentral directly from your Notes Standard or Nomad web client, without the need to start Domino Administrator.
  - AutoUpdate for software download and distribution
    This new feature notifies you of the latest Domino and Domino product family available on the Domino server. You can use AutoUpdate to download selected software from the My HCLSoftware portal and have it distributed to groups or selected Domino servers.
  - One-touch setup enhancements
    HCL Domino 14.0 includes Domino one-touch setup enhancements.
  - Domino installation inclusions
    Domino installation now includes HCL Verse, HCL Nomad server on Domino, and OnTime Group Calendar.
  - Windows installer updates
    Domino install no longer supports the notes.ini in the executable directory on Windows.
  - Auto-notifications for the latest product versions
    This opt-in feature makes administrators aware of the latest version available for Domino and Domino companion products.
  - Upgrade to HCL Notes 64-bit using AutoUpdate
    Starting with Domino 14.0, only 64-bit Notes clients are supported. Users upgrading servers from Domino 12.0.2 (or earlier) to 14.0 with a 32-bit client will need to upgrade to the 64-bit version. If a user is already running a 64-bit client, administrators can set up Auto Update (AUT) to support the upgrade anyway.
  - External email notifications
    Administrators can now have text added to the top of all incoming email sent by users outside your domains. This message might be used to remind your users to use caution and avoid clicking links or opening file attachments in messages that haven't originated from within your environment.
  - Enabled policy for delayed mail delivery
    In Notes mail, the Send Later button is easy for users to discover, and the Domino policy that allows Notes users to see that option is now enabled by default.
  - Disable LotusScript Debugger in HCL Notes
    You can set a desktop policy to disable the LotusScript Debugger in your Notes client.
  - Files tab supports database encryption
    Previously, an administrator could only change the encryption status of a single database. Now, by using the Files panel of the Administration client, an admin can select multiple databases and change their encryption settings. An admin can also see the current encryption state and strength for all databases.
  - DAOS repair in a Domino cluster
    With the DAOSmgr Repair Tell command, Domino administrators can scan the DAOS catalog for objects marked as missing during DAOS resynchronization and attempt to repair them from the server's cluster mates.
  - Domino Restyle enhancements
    Domino Restyle updates an application's UI elements with a color-coordinated, cleaner look and feel. The following enhancements are supported by Notes 14.
  - Other updates
    Domino 14.0 also includes the following updates.
- Components no longer included in this release
  The following components are no longer included in Domino 14.

Document and email encryption capabilities

HCL Domino 14.0 provides the following person document/email encryption capabilities.

We added support for Notes document/email encryption with 128 and 256-bit AES (instead of RC2) in 8.0.1, but due to backwards compatibility concerns (users on clients older than 8.0.1 wouldn't be able to read those documents), it was blocked behind a setting that could only be enabled through an Admin client wizard. Also, because the Admin client wizard and our documentation called the functionality "FIPS 140-2 support" instead of "AES support" the uptake of this functionality, outside of our more security-conscious customers, has been very low.

In order to improve the update of the legacy AES document and email encryption support, we have addressed the following points:

14.0 no longer requires the presence of that person document setting to use AES encryption for a given recipient, as nobody sending encrypted mail from 14.0 is likely to be sending email to someone on a Notes client older than 8.0.1.
The wording used in that Admin client wizard has changed from "FIPS 140-2" to "AES", which should encourage more adminstrators to enable that setting.
Newly registered user IDs in 14.0 will have that setting enabled by default, so end users running on an older client will see those recipients as AES capable.
The default algorithm used for document encryption (including Notes-formatted email) in 14.0 is 256-bit AES
Use of the OpenSSL library's FIPS provider is now being accurately displayed in the Document Encryption and Signing Properties dialog.

You can tell what encryption and signing algorithms were used on a document with the "Document Encryption and Signing" button on the bottom of the Notes client to the right of the status bar:

HCL Notes Document Encryption and Signing button with encryption icon

Document Encryption and Signing Properties dialog box