Configuring the level of port encryption and authentication

You can control the level of port encryption and authentication that is used on an IBM® Domino® server.

About this task

If you install Domino® 9.01 Fix Pack 7 or a later fix pack, the following notes.ini settings are available:

  • PORT_ENC_ADV. Use this setting to control the level of port encryption and to enable the use of AES tickets.
  • TICKET_ALG_SHA. Use this setting to control which cryptographic algorithm to use when constructing tickets.

Use DEBUG_PORT_ENC_ADV=1 to see detail about the new algorithms and any errors encountered when using them.

Use LOG_AUTHENTICATION=1 to determine which authentication algorithms are being used. This setting is enhanced to contain information about the new algorithms and to be easier to interpret. For example:
Authenticate {E970014}: CN=Ultraviolet/O=MiniPax
           T:RC2:128 E:1:  P:c:e S:RC4:128 A:4:1 L:N:N:N FS:
Authenticate {BA6001C}: CN=Ultraviolet/O=MiniPax
           T:RC2:128 E:1:  P:t:e S:AES-CBC:128 A:2:1 L:N:N:N FS:
Authenticate {BA6000B}: CN=Ultraviolet/O=MiniPax
           T:AES:128 E:1:  P:t:e S:AES-GCM:256 A:2:1 L:N:N:N FS:DHE-2048

T shows the ticket algorithm and key size.

S shows the session (network encryption) algorithm and key size.

FS shows the algorithm (if any) used for Forward Secrecy.

E, P, A, and L are unchanged from previous releases.