I thought I’d proactively post since there are no posts yet about a Domino service w/ SSL V3 allowing V2 connections. There is a semi-related post in the 6/6.5 forum.
Specifically, you have clients with Domino servers with ports open to the Internet secured with SSL (HTTP, IMAP, etc.) which may or may not include e-comm with the credit card companies.
You have a VISA compliancy audit and fail because your server is allowing SSL V2 connections. You change the setting to SSL V3 only but then IE and Safari cannot connect. (Firefox 2.x still connects fine.) The browsers have to have the handshake up to V3.
The bug is that Domino is not forcing the V2 connections to upgrade to V3 and letting them communicate in V2. Since V2 has a vulnerability, this is a big issue even if the specific Domino server is not the e-comm server.
Solution:
According to Lotus Support, the code to fix this issue will be included in the next maintenance release for both 8 and 8.5 codestreams: 8.0.3 is around Aug 2009 and 8.5.1 is TBD according to Lotus Support. We were able to get an 8.02 and 8.5 hotfix from Lotus which did fix this issue for the interim. The hotfix also fixes the issue on LDAP and POP3 SSL if you use those ports. The SPR to reference is BMKH7ESNN5.
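An added example, not part of the original post and not Lotus code: a triage helper for captured first bytes on an SSL port, telling apart a V2-only hello, a V2-framed hello that requests V3, and a V3 record, and flagging a server reply that stays on V2. Function names and sample bytes are constructed for illustration; the field offsets follow the SSL 2.0 and SSL 3.0 wire formats.

```python
import struct

def build_v2_hello(version, cipher_specs, challenge):
    """Build an SSL 2.0 CLIENT-HELLO (constructed test input, no session id)."""
    body = (b"\x01" + bytes(version)
            + struct.pack(">HHH", len(cipher_specs), 0, len(challenge))
            + cipher_specs + challenge)
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_client_hello(data):
    """Classify the first bytes a client sent to an SSL port."""
    if len(data) < 6:
        return "too-short"
    # SSL 3.0 / TLS record: content type 0x16 (handshake), major version 3,
    # then a handshake message of type 1 (ClientHello) at offset 5.
    if data[0] == 0x16 and data[1] == 0x03:
        return "v3-record-hello" if data[5] == 0x01 else "v3-record-other"
    # SSL 2.0 record: high bit set in the 2-byte length header, then
    # message type 1 (CLIENT-HELLO) and the highest version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        if (data[3], data[4]) == (0x00, 0x02):
            return "v2-only-hello"
        if data[3] == 0x03:
            return "v2-framed-hello-requesting-v3"
        return "v2-framed-unknown-version"
    return "not-ssl"

def server_answered_v2(reply):
    """True if the server's first reply is an SSL 2.0 SERVER-HELLO (type 4)."""
    return len(reply) >= 3 and bool(reply[0] & 0x80) and reply[2] == 0x04

# Constructed samples (not captured traffic).
V2_COMPAT = build_v2_hello((3, 0), b"\x00\x00\x0a", bytes(16))
V2_ONLY = build_v2_hello((0, 2), b"\x07\x00\xc0", bytes(16))
V3_RECORD = b"\x16\x03\x00\x00\x05\x01\x00\x00\x01\x00"
V2_REPLY = b"\x80\x0b\x04\x00\x01\x00\x02\x00\x00\x00\x00\x00\x00"
V3_REPLY = b"\x16\x03\x00\x00\x04\x02\x00\x00\x00"

if __name__ == "__main__":
    for name, hello, reply in [("compat", V2_COMPAT, V3_REPLY),
                               ("compat", V2_COMPAT, V2_REPLY),
                               ("v2only", V2_ONLY, V2_REPLY),
                               ("v3", V3_RECORD, V3_REPLY)]:
        finding = "FAIL: session stays on V2" if server_answered_v2(reply) else "ok"
        print(name, classify_client_hello(hello), finding)
```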