Home
What's new in Domino 14?
Learn about all of the new features for administrators in HCL Domino® 14.
What's New in 14.0?
HCL Domino 14.0 introduces the following new features and enhancements.
Enhancements related to security features
HCL Domino 14.0 provides the following enhancements related to security features.
Updated default TLS ciphers
Domino 14 has updated the default TLS ciphers to include only ciphers with PFS, AEAD, and SHA-2 according to current security best practices.

What's new in Domino 14?
Learn about all of the new features for administrators in HCL Domino® 14.
- What's new in 14.0 Fixpack 1?
- What's New in 14.0?
  HCL Domino 14.0 introduces the following new features and enhancements.
  - Enhancements related to security features
    HCL Domino 14.0 provides the following enhancements related to security features.
    - Updated default TLS ciphers
      Domino 14 has updated the default TLS ciphers to include only ciphers with PFS, AEAD, and SHA-2 according to current security best practices.
    - Security policy for ID file encryption
      In Domino 14.0, you can set a policy to upgrade the algorithm used to encrypt the ID file to AES-128 with SHA-256, or AES-256 with SHA-512, when changing the password.
    - Global OpenID Connect (OIDC) enhancements
      In Domino 14.0, the per-process JWK Cache and JWKCacheMgrThread from 12.0.2 have been combined into a global, cross-process OIDC provider cache.
    - Web user login with OIDC enhancements
      HCL Domino 14.0 provides the following web user login with OIDC enhancements.
    - HTTP Bearer authentication replacements
      HCL Domino 14.0 provides the following HTTP Bearer authentication replacements.
    - Enhanced OpenID Connect 1.0 (OIDC) provider support
      Domino 14.0 improves our support for Microsoft's less-than-standard OIDC providers.
    - SHA256 support for Internet password in Domino directory
      With Domino 14.0, users' password hashes will now be updated to SHA256 when they change their Internet passwords in the Person Document.
    - New Passkey authentication
      HCL Domino 14.0 introduces authentication with passkey via the WebAuthn/FIDO2 protocol.
    - Third-party access token validation
      There is a new API that is exposed in the SDK for 14.0. This would be usable from any server process, and would leverage the trusted OIDC providers configured in idpcat.nsf to validate access tokens.
    - Document and email encryption capabilities
      HCL Domino 14.0 provides the following person document/email encryption capabilities.
    - Cluster-safe, sprayable, single-server session cookies (DomAuthSessId)
      When enabled by setting the new notes.ini DominoSessionCookieUniqueNames=1 the name of the DomAuthSessId cookie becomes DomAuthSessIdABCDEFGHIJK, where ABCDEFGHIJK is the first 11 characters of Base64url [SHA256 (Domino server DN)]. This causes multiple Domino servers that are all serving the same internet site to choose unique cookie names instead of overwriting each other's cookies.
    - New version of OpenSSL
      HCL Domino provides a new OpenSSL version.
    - ID file login prevention
      Notes 14.0 provides the following enhancement for Notes Federated Login.
  - New AdminCentral app
    The AdminCentral application (admincentral.nsf) is automatically created by adminP on the Domino administration server. You can open AdminCentral directly from your Notes Standard or Nomad web client, without the need to start Domino Administrator.
  - AutoUpdate for software download and distribution
    This new feature notifies you of the latest Domino and Domino product family available on the Domino server. You can use AutoUpdate to download selected software from the My HCLSoftware portal and have it distributed to groups or selected Domino servers.
  - One-touch setup enhancements
    HCL Domino 14.0 includes Domino one-touch setup enhancements.
  - Domino installation inclusions
    Domino installation now includes HCL Verse, HCL Nomad server on Domino, and OnTime Group Calendar.
  - Windows installer updates
    Domino install no longer supports the notes.ini in the executable directory on Windows.
  - Auto-notifications for the latest product versions
    This opt-in feature makes administrators aware of the latest version available for Domino and Domino companion products.
  - Upgrade to HCL Notes 64-bit using AutoUpdate
    Starting with Domino 14.0, only 64-bit Notes clients are supported. Users upgrading servers from Domino 12.0.2 (or earlier) to 14.0 with a 32-bit client will need to upgrade to the 64-bit version. If a user is already running a 64-bit client, administrators can set up Auto Update (AUT) to support the upgrade anyway.
  - External email notifications
    Administrators can now have text added to the top of all incoming email sent by users outside your domains. This message might be used to remind your users to use caution and avoid clicking links or opening file attachments in messages that haven't originated from within your environment.
  - Enabled policy for delayed mail delivery
    In Notes mail, the Send Later button is easy for users to discover, and the Domino policy that allows Notes users to see that option is now enabled by default.
  - Disable LotusScript Debugger in HCL Notes
    You can set a desktop policy to disable the LotusScript Debugger in your Notes client.
  - Files tab supports database encryption
    Previously, an administrator could only change the encryption status of a single database. Now, by using the Files panel of the Administration client, an admin can select multiple databases and change their encryption settings. An admin can also see the current encryption state and strength for all databases.
  - DAOS repair in a Domino cluster
    With the DAOSmgr Repair Tell command, Domino administrators can scan the DAOS catalog for objects marked as missing during DAOS resynchronization and attempt to repair them from the server's cluster mates.
  - Domino Restyle enhancements
    Domino Restyle updates an application's UI elements with a color-coordinated, cleaner look and feel. The following enhancements are supported by Notes 14.
  - Other updates
    Domino 14.0 also includes the following updates.
- Components no longer included in this release
  The following components are no longer included in Domino 14.

Updated default TLS ciphers

Domino 14 has updated the default TLS ciphers to include only ciphers with PFS, AEAD, and SHA-2 according to current security best practices.

For more information, see the related topic in Modifying TLS cipher restrictions.