IBM Notes Traveler Companion security settings

Starting with IBM® Notes® Traveler Companion 2.0.5 and IBM Traveler server 8.5.3.2, there are new security settings available that control how Companion connects to the IBM Traveler server and how attachments in encrypted mails can be used on the mobile device.

These new options are controlled by a setting called NTS_COMPANION_POLICY that can be added to the notes.ini on the IBM Traveler server. The IBM Traveler server must be restarted after these settings are saved to notes.ini. Note that in order for these settings to be used, the Companion version must be 2.0.5 or higher and the IBM Traveler server must be 8.5.3.2 or higher. If any of these settings are present in the server configuration, and an Apple iOS device user has not upgraded their Companion application to at least version 2.0.5 from the Apple App store, then the IBM Traveler server will not allow the Companion application to connect to the server. In this case, the old Companion application will fail with an "Unknown error" message. The solution is to have the mobile device user upgrade their Companion application from the App store to the latest available version.
Table 1.
Notes®.ini setting name Values Description
NTS_COMPANION_POLICY nountrustedcert
Prevents the Companion application from connecting to any server using an untrusted or expired SSL certificate. If this setting is present and Companion detects an untrusted or expired SSL certificate, then the Apple device user will receive an error indicating that a connection cannot be made because of an untrusted server. If this setting is not present, then Companion will warn the user that an untrusted server was detected, but it will give the user the choice to cancel or continue with the connection to the IBM Traveler server.
Note: This setting only applies to Traveler Companion if it connects to the IBM Traveler server using an SSL connection. Non-SSL connections are supported, but SSL is highly recommended.
Note: Traveler Companion 2.0.5 now includes a setting on the application menus to Allow invalid certificate. If the nountrustedcert policy has been applied, this setting will be grayed out and cannot be changed by an end user.
noexport Prevents attachments within encrypted mail from being printed, or exported to or viewed by any third party application on the Apple device. By setting this policy, only attachments that are viewable using Apple built-in viewers can be opened on the Apple device. If this setting is not present, then attachments can be opened by third party applications installed on the Apple device that support this type of attachment.
NTS_COMPANION_POLICY can have multiple values by separating the values with a comma. For example, to include both of the new options, use the following in notes.ini:
NTS_COMPANION_POLICY=nountrustedcert,noexport