WHAT'S NEW IN DOMINO 12?
Support for forward secrecy (https://en.wikipedia.org/wiki/Forward_secrecy) using X25519 (https://en.wikipedia.org/wiki/Curve25519) has been added to NRPC port encryption on the Domino 12 server.
When NRPC port encryption is enabled on a Domino 12 server, forward secrecy using X25519 is now enabled by default. The following table describes the NRPC encryption algorithms used based on the version of the NRPC client connecting to a Domino 12 server using the default algorithms. A client can be a Notes client or a Domino server replicating with the Domino 12 server.
Table 1. NRPC encryption algorithms used by client version
Configuring NRPC port encryption with the PORT_ENC_ADV notes.ini setting overrides the default behavior. If you currently use the PORT_ENC_ADV setting and want to enable X25519 for forward secrecy, add 32 to your current value for that setting. The client side of the network connection advertises which algorithms it supports, and the server selects the most secure combination that both client and server support, based on the server-side notes.ini setting. For more information, see the topic PORT_ENC_ADV. (Note that PORT_ENC_ADV=0 is a valid setting that disables all modern algorithms.)
We recommend enabling LOG_AUTHENTICATION=1 so you can see which algorithms are being used to authenticate and encrypt your NRPC traffic.
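The following audit of a server's notes.ini for the two settings discussed above is an added example, not HCL code. It assumes that PORT_ENC_ADV values are independent bit flags (so "add 32" means setting bit 32 once) and that setting names are matched case-insensitively; the sample file content is constructed.

```python
import re

X25519_FS = 32  # per the page: adding 32 to PORT_ENC_ADV enables X25519 forward secrecy

def read_setting(ini_text, name):
    """Return every value assigned to `name` in notes.ini text.
    Names are matched case-insensitively (an assumption of this example)."""
    pat = re.compile(r"^[ \t]*" + re.escape(name) + r"[ \t]*=[ \t]*(.*?)[ \t]*$",
                     re.IGNORECASE)
    return [m.group(1) for line in ini_text.splitlines() if (m := pat.match(line))]

def audit_port_enc_adv(ini_text):
    """Return (status, current, suggested) for the PORT_ENC_ADV setting."""
    values = read_setting(ini_text, "PORT_ENC_ADV")
    if not values:
        return ("default", None, None)          # setting absent: defaults apply
    if len(set(values)) > 1:
        return ("conflicting", None, None)      # same setting, different values
    try:
        current = int(values[0])
    except ValueError:
        return ("invalid", None, None)
    if current < 0:
        return ("invalid", None, None)
    if current == 0:
        return ("modern-disabled", 0, None)     # valid, but all modern algorithms off
    if current & X25519_FS:
        return ("x25519-enabled", current, None)  # adding 32 again would corrupt the value
    # Assumption: flags are independent bits, so OR is the safe form of "add 32".
    return ("x25519-missing", current, current | X25519_FS)

def auth_logging_enabled(ini_text):
    """True when LOG_AUTHENTICATION=1 is set exactly once, as the page recommends."""
    return read_setting(ini_text, "LOG_AUTHENTICATION") == ["1"]

# Constructed sample, not taken from a real server.
SAMPLE_INI = """[Notes]
PORT_ENC_ADV=15
LOG_AUTHENTICATION=1
"""

if __name__ == "__main__":
    print(audit_port_enc_adv(SAMPLE_INI), auth_logging_enabled(SAMPLE_INI))
```

A status of "default" means the override is absent, so the Domino 12 default behavior described above applies.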