9.6. Setting the Encryption Protocol Versions
Update the sslVersionMin and sslVersionMax parameters to set which encryption protocols Directory Server uses.
Important
To always use the strongest supported encryption protocol version in the sslVersionMax parameter, do not set this parameter. See Section 9.6.1, “Automatically Using the Strongest Protocol in the sslVersionMax Parameter”.
For example, to enable only TLS 1.1 and 1.2:
- Update the sslVersionMin and sslVersionMax parameters:
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
    dn: cn=encryption,cn=config
    changetype: modify
    replace: sslVersionMin
    sslVersionMin: TLS1.1
    -
    replace: sslVersionMax
    sslVersionMax: TLS1.2
- Restart the Directory Server instance:
    # systemctl restart dirsrv@instance_name
9.6.1. Automatically Using the Strongest Protocol in the sslVersionMax Parameter
If the sslVersionMax parameter is not set, which is the default, Directory Server uses the strongest supported encryption protocol version for this parameter. This enables you to always have the strongest protocol version enabled after an update.
Identifying if sslVersionMax is Not Set
Even if sslVersionMax is not set, the parameter is returned in a search. To identify if the parameter is not set:
# grep sslVersionMax /etc/dirsrv/slapd-instance_name/dse.ldif
If the command displays no output, the parameter is not set and uses the default, which is the strongest supported encryption protocol.
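The grep check matches the string anywhere in dse.ldif and is case-sensitive. The following added example (not part of the original documentation) reads only the cn=encryption,cn=config entry, compares attribute names case-insensitively, and reports both parameters; the function name tls_range and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sslVersionMin/sslVersionMax from the
# cn=encryption,cn=config entry of a dse.ldif file.
# Prints "min=<value|unset> max=<value|unset>".
# Returns 0 when sslVersionMax is unset (default: strongest supported
# version), 1 when it is pinned, 2 when the file or entry is missing.
tls_range() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        function value(s) {
            sub(/^[^:]*:[ ]*/, "", s); sub(/[ \r]*$/, "", s); return s
        }
        # LDIF entries are separated by blank lines.
        /^$/ { in_entry = 0; next }
        # DNs and attribute names are case-insensitive: compare lower case.
        { line = tolower($0) }
        line ~ /^dn:[ ]*cn=encryption,[ ]*cn=config[ ]*$/ {
            in_entry = 1; found = 1; next
        }
        in_entry && line ~ /^sslversionmin:/ { min = value($0) }
        in_entry && line ~ /^sslversionmax:/ { max = value($0) }
        END {
            if (!found) exit 2
            printf "min=%s max=%s\n", (min == "" ? "unset" : min),
                                      (max == "" ? "unset" : max)
            exit (max == "" ? 0 : 1)
        }
    ' "$1"
}

# Constructed sample: sslVersionMax pinned with a mixed-case attribute
# name, plus an unrelated entry that mentions the string in a value.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=config
nsslapd-port: 389

dn: cn=encryption,cn=config
cn: encryption
sslVersionMin: TLS1.1
SSLVersionMax: TLS1.2

dn: cn=other,cn=config
description: sslVersionMax mentioned outside the encryption entry
EOF
tls_range "$sample" || echo "sslVersionMax pinned or entry missing (rc=$?)"
rm -f "$sample"
```

Against a real instance, pass /etc/dirsrv/slapd-instance_name/dse.ldif as the argument.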
Removing the sslVersionMax Parameter
Remove the sslVersionMax parameter to use its default setting:
- Remove the sslVersionMax parameter:
    # ldapmodify -D "cn=Directory Manager" -W -p 389 -h server.example.com -x
    dn: cn=encryption,cn=config
    changetype: modify
    delete: sslVersionMax
- Restart the Directory Server instance:
    # systemctl restart dirsrv@instance_name