Netscape DIRECTORY SERVER 6.01 - ADMINISTRATOR Administrator's Manual page 382

Setting Security Preferences
• FIPS Triple DES with 168-bit encryption and SHA message authentication. This
cipher meets the FIPS 140-1 US government standard for implementations of
cryptographic modules.
To select the ciphers you want the server to use:
Make sure SSL is enabled for your server.
1.
For information, see "Activating SSL," on page 379.
On the Directory Server Console, select the Configuration tab and then select
2.
the topmost entry in the navigation tree in the left pane.
Select the Encryption tab in the right pane.
3.
This displays the current server encryption settings.
Click Cipher Settings.
4.
The Cipher Preference dialog box is displayed.
In theCipher Preference dialog box, specify which ciphers you want your
5.
server to use by selecting them from the list, and click OK.
Unless you have a security reason to not use a specific cipher, you should select
all of the ciphers, except for
On the Encryption tab, click Save.
6.
CAUTION
In order to continue using the Netscape Console with SSL, you must select at least
one of the following ciphers:
• RC4 cipher with 40-bit encryption and MD5 message authentication.
• No encryption, only MD5 message authentication.
• DES with 56-bit encryption and SHA message authentication.
• RC4 cipher with 128-bit encryption and MD5 message authentication.
• Triple DES with 168-bit encryption and SHA message authentication.
382 Netscape Directory Server Administrator's Guide • January 2002
none,MD5
Avoid selecting the
none,MD5
option if no other ciphers are available on the client. It is not secure
because encryption doesn't occur.
.
cipher because the server will use this