Parameter:
SSL_DISABLE_TLS_13Short description: Disables TLS 1.3 on the Domino TLS stack (counterpart to
SSL_DISABLE_TLS_10/11/12).Profile
Parameter | SSL_DISABLE_TLS_13 |
Category | Security / TLS |
Component | Server |
Available since | 14.0 |
Supported versions | 14.0, 14.5, 14.5.1 |
GUI equivalent | notes.ini only (no GUI) |
Possible values | 0 = TLS 1.3 active (default), 1 = TLS 1.3 disabled |
Description
With Domino 14, TLS 1.3 is active by default. If an upstream device (load balancer, IDS, legacy client) has problems with TLS 1.3,
SSL_DISABLE_TLS_13=1 can disable TLS 1.3 specifically while TLS 1.2 keeps working.Example configuration
SSL_DISABLE_TLS_13=1
Notes & pitfalls
- Use only as a temporary workaround – TLS 1.3 is more secure and faster.
- Complements the
SSL_DISABLE_TLS_10,SSL_DISABLE_TLS_11,SSL_DISABLE_TLS_12family.
- Affects both HTTP/HTTPS and other internet protocols (LDAP, SMTP, IMAP, POP3) with TLS.
- After enabling, validate with
nmap --script ssl-enum-ciphers -p 443 host.
- The change takes effect after restarting the TLS-using tasks.