HP-UX Directory Server Administrator Guide HP-UX Directory Server Version 8.1 (5900-3098, May 2013)

Table 60 SSLv3 ciphers (continued)

Message

authentication

Symmetric

key bit size

Encryption

algorithm

Key exchangeDirectory Server name

MD5N/Anull (none)RSArsa_null_md5

SHA80fortezzafortezzafortezza

SHA128RC4fortezzafortezza_rc4_128_sha

SHAN/Anull (none)fortezzafortezza_null

12.6.2 Selecting the encryption cipher

To select the ciphers for the Directory Server to use:

1. Make sure TLS/SSL is enabled for the server. For instructions on enabling TLS/SSL, see “Starting

the server with TLS/SSL enabled” (page 480).

2. In the Directory Server Console, select the Configuration tab, then select the topmost entry in

the navigation tree in the left pane.

3. Select the Encryption tab in the right pane.

This displays the current server encryption settings.

4. Click Cipher Setting.

The Cipher Preference dialog box opens.

5. In the Cipher Preference dialog box, specify which ciphers for the Directory Server to use by

selecting them from the list, and click OK.

Unless there is a security reason not to use a specific cipher, select all the ciphers, except for

none,MD5.

6. In the Encryption tab, click Save.

CAUTION:

Avoid selecting the none,MD5 cipher because the server will use this option if no other ciphers

are available on the client, instead of refusing the connection. The none,MD5 cipher is not

secure because encryption does not occur.

12.7 Using certificate-based authentication

Directory Server allows certificate-based authentication for the command line tools (which are LDAP

clients) and for server-to-server connections (replication and chaining).

12.7 Using certificate-based authentication 487