Skip to main content

Posts

Showing posts from December, 2014

A little more on the Poodle (IBM Domino 9.0.1 and the Poodle Vulnerability)

In my last post, I discussed the steps required to get your Domino 9.0.1 server patched against the poodle bug which exists in both SSL 3.0 and TLS.  At the end of the post, I mentioned that I still had one server which was refusing to apply the patch. This is how I got around the problem.  The Server that Wouldn't After taking the patches all the way back to Fix Pack 1 and slowly patching forward one-by-one with reboots in between, I realised that whatever was affecting my server had been installed for a long time. There was no easy way to resolve the problem and obviously I couldn't roll back forever.  I just had to accept the fact that the server would not take the patch and take some more drastic measures. Backup First Of course, before taking any drastic measures, you should always backup first. Personally, I like to have a proper backup as well as a local copy of the main domino files.  That way I don't have to worry about streaming and tapes. I manu

Taming the Poodle in IBM Domino 9.0.1

There's been a lot of talk lately about the Poodle Vulnerability and IBM have provided a rather slow and confusing response full of similarly named files across multiple web pages. We've mostly gotten our systems sorted now but as it was a difficult process, I thought I'd share some of the things I've learned.  If nothing else, I'm sure that other people could benefit from the fix lists being in the one place.  Huge thanks to the guys in the IBM Notes groups on LinkedIn who provided most of the best insights here. The poodle vulnerability isn't a new thing (it's 15 years old) but recently browser vendors, particularly Mozilla (and soon Google) have have issued upgrades which block access to vulnerable sites by default. I guess that means it's time to deal with it.  This is what the Firefox error message looks like. One more thing.... In case you've already dealt with poodle and you think that your system is safe because Mozilla Firefox is