9.5. Displaying the Encryption Protocols Enabled in Directory Server

To display the enabled encryption protocols in Directory Server:
# ldapsearch -D "cn=Directory Manager" -W -p 389 -h server.example.com -x \
     -s base -b 'cn=encryption,cn=config' sslVersionMin sslVersionMax

dn: cn=encryption,cn=config
sslVersionMin: TLS1.0
sslVersionMax: TLS1.2
The sslVersionMin and sslVersionMax parameter control which encryption protocol versions Directory Server uses. By default, only TLS 1.0 and later versions of the protocol are enabled.


For security reasons, none of the parameters should be set to the insecure SSL2 or SSL3 protocol versions.