9.7. Setting the Highest TLS Encryption Protocol Version

To set the highest TLS protocol version Directory Server supports, enter:
# dsconf -D "cn=Directory Manager" ldap://server.example.com security set --tls-protocol-max="protocol_version"
If you set the parameter to a value lower than in sslVersionMin, then Directory Server sets sslVersionMax to the same value as sslVersionMin.


To always use the strongest supported encryption protocol version in the sslVersionMax parameter, do not set this parameter.