Parameter:
SSL_DISABLE_TLS_12Short description: Disables TLS 1.2 for Domino internet ports – only useful in special cases and security-critical.
Profile
Parameter | SSL_DISABLE_TLS_12 |
Category | Security / TLS |
Component | Server |
Available since | 12.0 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = TLS 1.2 active (default) • 1 = TLS 1.2 disabled |
Description
SSL_DISABLE_TLS_12 switches off TLS version 1.2 for all internet ports of the Domino server. In modern environments this is almost never used – TLS 1.2 is the minimum standard and should remain active. There are sensible use cases only when exclusively TLS 1.3 should be allowed (very restrictive compliance) or when a bug in a specific TLS 1.2 implementation needs to be worked around.Example configuration
SSL_DISABLE_TLS_12=0
Notes & pitfalls
- Caution:
=1locks out all clients that do not speak TLS 1.3 – this affects older browsers, MFP devices, mail clients, third-party systems.
- Takes effect after restarting the respective TLS task (HTTP, SMTP, IMAP, LDAP, …).
- Complementary to
DISABLE_SSLV3,SSL_DISABLE_TLS_10,SSL_DISABLE_TLS_11.
- Test with test clients before enabling in production.