SECURING
You can control the level of port encryption and authentication that is used on an HCL Domino® server.
About this task
When NRPC port encryption is enabled on a Domino server, forward secrecy (https://en.wikipedia.org/wiki/Forward_secrecy) using X25519 (https://en.wikipedia.org/wiki/Curve25519) is enabled by default, as of Domino 12. The following table describes the NRPC encryption algorithms used based on the version of the NRPC client connecting to a Domino 12 or later server using the default algorithms. A client can be a Notes client or a Domino server replicating with the Domino 12 server.
Table 1. NRPC encryption algorithms used by client version
As of Domino 9.01 Fix Pack 7, the followingnotes.ini settings are available:
Use LOG_AUTHENTICATION=1 to determine which authentication algorithms are being used. This setting is enhanced to contain information about the new algorithms and to be easier to interpret. For example:
Authenticate {E970014}: CN=Ultraviolet/O=MiniPax T:RC2:128 E:1: P:c:e S:RC4:128 A:4:1 L:N:N:N FS:Authenticate {BA6001C}: CN=Ultraviolet/O=MiniPax T:RC2:128 E:1: P:t:e S:AES-CBC:128 A:2:1 L:N:N:N FS:Authenticate {BA6000B}: CN=Ultraviolet/O=MiniPax T:AES:128 E:1: P:t:e S:AES-GCM:256 A:2:1 L:N:N:N FS:DHE-2048
T shows the ticket algorithm and key size.
S shows the session (network encryption) algorithm and key size.
FS shows the algorithm (if any) used for Forward Secrecy.
E, P, A, and L are unchanged from previous releases.
Parent topic: Encryption
Related reference PORT_ENC_ADV TICKET_ALG_SHA