The default enabled ciphers configured by enabling SSL in the RHDS Admin Console contain unsupported ciphers

Solution Unverified - Updated -


  • When I use the redhat-idm-console to enable SSL support for a directory server, the ciphers as displayed in the attachment picture are used by default.
  • When I look at the LDIF in question which is being used, this is what happens:

    replace: nsSSL3Ciphers
    nsSSL3Ciphers: -rsa_null_md5,-rsa_null_sha,+rsa_rc4_128_md5,+rsa_rc4_40_md5,+r
  • When I restart the Directory Server using these settings, I get the following string of error messages in the error log:

    [07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza is not available in NSS 3.19.  Ignoring fortezza
    [07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza_rc4_128_sha is not available in NSS 3.19.  Ignoring fortezza_rc4_128_sha
    [07/Oct/2015:16:57:21 +0200] - SSL alert: Cipher suite fortezza_null is not available in NSS 3.19.  Ignoring fortezza_null


  • Red Hat Directory Server (RHDS) 10.0
  • 389-ds-base-

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content