Nsssl3Ciphers - Netscape DIRECTORY SERVER 7.0 Configuration Manual

nsssl3ciphers

This multi-valued attribute specifies the set of encryption ciphers the Directory
Server will use during SSL communications. For more information on the ciphers
supported by the Directory Server, refer to chapter 11, "Managing SSL and SASL,"
in the Netscape Directory Server Administrator's Guide.
Entry DN:
cn=encryption,cn=config
Valid Values: For domestic versions, any combination of the following:
rsa_null_md5
rsa_rc4_128_md5
rsa_rc4_40_md5
rsa_rc2_40_md5
rsa_des_sha
rsa_fips_des_sha
rsa_3des_sha
rsa_fips_3des_sha
tls_rsa_export1024_with_rc4_56_sha
tls_rsa_export1024_with_des_cbc_sha
Default Value: N/A
Syntax: DirectoryString
+ symbol to enable or - symbol to disable, followed by the cipher(s). It
is important to note that blank spaces are not allowed in the list of
ciphers.
To enable all ciphers (except rsa_null_md5, which must be
specifically called) you can specify +all.
Example:
nsslapd-SSL3ciphers:
+RSA_NULL_MD5,+RC4_56_SHA,-RC4_56_SHA
If you are using the Directory Server Console to set the cipher preferences, the
values on the SSL 3.0 tab of the Cipher Preference dialog box correspond to the
following:
Core Server Configuration Attributes Reference
For SSLv3
For TLS
Chapter 2 Core Server Configuration Reference 97