Cn=Encryption - Red Hat DIRECTORY SERVER 8.0 Command Reference Manual

2.3.3. cn=encryption

Encryption related attributes are stored under the cn=encryption,cn=config entry. The
cn=encryption,cn=config entry is an instance of the nsslapdEncryptionConfig object class.
2.3.3.1. nssslsessiontimeout
This attribute sets the lifetime duration of a TLS/SSL. The minimum timeout value is 5 seconds. If a
smaller value is set, then it is automatically replaced by 5 seconds. A value greater than the maximum
value in the valid range below is replaced by the maximum value in the range.
The server has to be restarted for changes to this attribute to go into effect.
Parameter
Entry DN
Valid Range
Default Value
Syntax
Example
2.3.3.2. nssslclientauth
This attribute sets how clients may use certificates to authenticate to the Directory Server for SSL
connections.
The server has to be restarted for changes to this attribute to go into effect.
Parameter
Entry DN
Valid Values
Default Value
Syntax
Example
2.3.3.3. nsSSL2
Supports SSL version 2. SSLv2 is deprecated, and Red Hat strongly discourages using it.
The server has to be restarted for changes to this attribute to go into effect.
Parameter
Entry DN
Description
cn=encryption, cn=config
5 seconds to 24 hours
0, which means use the maximum value in the
valid range above.
Integer
nssslsessiontimeout: 5
Description
cn=encryption, cn=config
off | allowed | required
off means disallow certificate-based
authentication
allowed means clients may use certificates or
other forms of authentication
required means clients must use certificates for
authentication
allowed
DirectoryString
nssslclientauth: allowed
Description
cn=encryption, cn=config
cn=encryption
65