Parameter:
SSL_DISABLE_TLS_10Short description: Disables TLS 1.0 for all server protocols (HTTP, SMTP, IMAP, POP3, LDAP).
Profile
Parameter | SSL_DISABLE_TLS_10 |
Category | Security / TLS |
Component | Server |
Available since | 9.0.1 FP8 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = TLS 1.0 allowed, 1 = TLS 1.0 disabled (recommended) |
Description
SSL_DISABLE_TLS_10=1 switches off TLS protocol version 1.0 across all SSL-capable Domino tasks (HTTP, SMTP, IMAP, POP3, LDAP). TLS 1.0 has been considered obsolete since 2018, is vulnerable to POODLE / BEAST, and is excluded by PCI-DSS, BSI, and many other audit frameworks.In practice, disabling it together with
SSL_DISABLE_TLS_11=1 is mandatory; active ciphers are controlled via SSLCipherSpec or the Domino defaults.Example configuration
SSL_DISABLE_TLS_10=1 SSL_DISABLE_TLS_11=1
Notes & pitfalls
- Applies across protocols (HTTP, SMTP, IMAP, POP3, LDAP) – no separate switches per task needed.
- Once enabled, old clients (Outlook 2010 unpatched, old mobile devices) can no longer connect.
- Recommended for all internet-exposed Domino servers.
- Complemented by
SSL_DISABLE_TLS_11; TLS 1.2 / 1.3 remain active.
- The change only takes effect after restarting the respective tasks (e.g.
restart task http).