Chapter 6. Directory Server in Red Hat Enterprise Linux

Previously, Directory Server running on Red Hat Enterprise Linux 6 provided no configuration options to enable or disable specific TLS versions. For example, it was not possible to disable the insecure TLS 1.0 protocol while keeping later versions enabled. This updates adds the nsTLS10, nsTLS11, and nsTLS12 parameters to the cn=encryption,cn=config entry. As a result, it is now possible to configure specific TLS protocol versions in Directory Server.

Note, that these parameters have a higher priority than the nsTLS1 parameter, that enables or disables all TLS protocol versions. (BZ#1330758)