
        Updating the List of Enabled Ciphers
         
https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/enabling_tls#idm140548437003312

exec

        dsconf -D "cn=Directory Manager" testinst security ciphers set "-all,+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"

returns

        usage: dsconf instance security ciphers set [-h] cipher-string
        dsconf instance security ciphers set: error: the following arguments are required: cipher-string

checking

        dsconf instance security ciphers set -h
                usage: dsconf instance security ciphers set [-h] cipher-string

                Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or
                -), optionally including +all or -all. The attribute may optionally be prefixed by keyword default. Please refer to
                documentation of the attribute for a more detailed description.

                positional arguments:
                  cipher-string

                optional arguments:
                  -h, --help     show this help message and exit

re-attempt rm'in "-all"

        dsconf -D "cn=Directory Manager" testinst security ciphers set "+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"

                Remeber to restart the server to apply the new cipher set.
                (^^^^ fyi, typo)
                Some ciphers may be disabled anyway due to allowWeakCipher attribute.

but, here

        grep -i weak /etc/dirsrv/slapd-testinst/dse.ldif
                allowWeakCipher: off
                allowWeakDHParam: off
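
Added example, not part of the original post and not 389-ds code: a stand-in parser, assuming the `ciphers set` subcommand behaves like a plain Python argparse positional (the usage and error text quoted above have that format). It reproduces the "arguments are required" error for a cipher string that begins with `-all`, shows argparse's `--` separator accepting the same string, and splits both strings from the post to show what the retry dropped. All function and class names are hypothetical.

```python
import argparse

class ParseError(Exception):
    """Raised in place of argparse's sys.exit(2) so the message can be inspected."""

class Parser(argparse.ArgumentParser):
    def error(self, message):
        raise ParseError(message)

def build_parser():
    # Hypothetical stand-in with one positional, named as in the quoted help text.
    parser = Parser(prog="dsconf instance security ciphers set")
    parser.add_argument("cipher-string")
    return parser

def parse(argv):
    """Return ("ok", value) or ("error", message) for an argument vector."""
    try:
        namespace = build_parser().parse_args(argv)
    except ParseError as exc:
        return ("error", str(exc))
    return ("ok", getattr(namespace, "cipher-string"))

def split_ciphers(value):
    """Split a +/- prefixed, comma separated list into (enabled, disabled).
    The optional leading "default" keyword from the help text is not handled."""
    enabled, disabled = [], []
    for item in (part.strip() for part in value.split(",")):
        if item.startswith("+"):
            enabled.append(item[1:])
        elif item.startswith("-"):
            disabled.append(item[1:])
        else:
            raise ValueError(f"missing +/- prefix: {item!r}")
    return enabled, disabled

# The two cipher strings from the post.
STRICT = "-all,+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
RETRY = STRICT[len("-all,"):]

if __name__ == "__main__":
    print(parse([STRICT]))        # leading "-" is read as an option, positional goes missing
    print(parse(["--", STRICT]))  # "--" ends option parsing, the value is accepted whole
    print(parse([RETRY]))         # accepted, but the "-all" entry is gone
    print(split_ciphers(STRICT)[1], split_ciphers(RETRY)[1])
```

If dsconf follows this argparse behaviour, placing `--` before the quoted cipher string on the command line keeps the `-all` prefix; that is an assumption, not something the post confirms.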
