Server User Manual

Multi- or Single-Valued  Multi-valued
Defined in               Changelog Internet Draft
2.3.3. cn=encryption
Encryption related attributes are stored under the cn=encryption,cn=config entry. The
cn=encryption,cn=config entry is an instance of the nsslapdEncryptionConfig object class.
2.3.3.1. nsSSLSessionTimeout
This attribute sets the lifetime duration of a TLS/SSL session. The minimum timeout value is 5 seconds. If a
smaller value is set, then it is automatically replaced by 5 seconds. A value greater than the maximum
value in the valid range below is replaced by the maximum value in the range.
The server has to be restarted for changes to this attribute to go into effect.
Parameter      Description
Entry DN       cn=encryption, cn=config
Valid Range    5 seconds to 24 hours
Default Value  0, which means use the maximum value in the valid range above.
Syntax         Integer
Example        nsSSLSessionTimeout: 5
2.3.3.2. nsSSLclientauth
This attribute sets how clients may use certificates to authenticate to the Directory Server for SSL
connections.
The server has to be restarted for changes to this attribute to go into effect.
Parameter      Description
Entry DN       cn=encryption, cn=config
Valid Values   off | allowed | required
               off means disallow certificate-based authentication
               allowed means clients may use certificates or other forms of authentication
               required means clients must use certificates for authentication
Default Value  allowed
Syntax         DirectoryString
Example        nsSSLclientauth: allowed
2.3.3.3. nsSSL2
Supports SSL version 2. SSLv2 is deprecated, and Red Hat strongly discourages using it.
The server has to be restarted for changes to this attribute to go into effect.
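The following is an added example, not part of the manual or of Directory Server itself: a small Python audit that reads a cn=encryption,cn=config entry in LDIF form and reports the values the server would actually apply under the rules in 2.3.3.1 to 2.3.3.3. The sample entry is constructed, the function names are hypothetical, and the "on" spelling for an enabled nsSSL2 is an assumption, since its valid values are not listed above.

```python
# Added example (not from the manual): audit a cn=encryption,cn=config entry.
MIN_TIMEOUT = 5              # seconds; minimum stated in 2.3.3.1
MAX_TIMEOUT = 24 * 60 * 60   # 24 hours; top of the valid range
CLIENTAUTH_VALUES = ("off", "allowed", "required")

# Constructed sample entry, not taken from a real server.
SAMPLE = """\
dn: cn=encryption,cn=config
objectClass: nsslapdEncryptionConfig
nsSSLSessionTimeout: 3
nsSSLClientAuth: allowed
nsSSL2: on
"""

def parse_entry(ldif):
    """Return {lowercased attribute name: value}; LDAP names are case-insensitive."""
    attrs = {}
    for line in ldif.replace("\n ", "").splitlines():  # undo LDIF line folding
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            attrs[name.strip().lower()] = value.strip()
    return attrs

def effective_timeout(raw):
    """Value the server applies, following the replacement rules in 2.3.3.1."""
    value = int(raw)
    if value == 0:            # documented default: use the maximum
        return MAX_TIMEOUT
    return max(MIN_TIMEOUT, min(value, MAX_TIMEOUT))

def audit(ldif):
    """Return (effective settings, warnings) for one entry."""
    attrs, warnings = parse_entry(ldif), []
    raw = attrs.get("nssslsessiontimeout", "0")
    timeout = effective_timeout(raw)
    if int(raw) not in (0, timeout):
        warnings.append(f"nsSSLSessionTimeout {raw} is replaced by {timeout} seconds")
    auth = attrs.get("nssslclientauth", "allowed").lower()
    if auth not in CLIENTAUTH_VALUES:
        warnings.append(f"nsSSLclientauth {auth!r} is not a valid value")
    ssl2 = attrs.get("nsssl2", "unset").lower()  # assumption: enabled is spelled "on"
    if ssl2 == "on":
        warnings.append("nsSSL2 is on: SSLv2 is deprecated and strongly discouraged")
    effective = {"nsSSLSessionTimeout": timeout, "nsSSLclientauth": auth, "nsSSL2": ssl2}
    return effective, warnings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Because all three attributes require a restart to take effect, the report describes what the server will use after the next restart, not necessarily what a running instance uses now.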