Updating the List of Enabled Ciphers https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/ht...
exec
dsconf -D "cn=Directory Manager" testinst security ciphers set "-all,+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
returns
usage: dsconf instance security ciphers set [-h] cipher-string
dsconf instance security ciphers set: error: the following arguments are required: cipher-string
checking
dsconf instance security ciphers set -h
usage: dsconf instance security ciphers set [-h] cipher-string

Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or -), optionally including +all or -all. The attribute may optionally be prefixed by keyword default. Please refer to documentation of the attribute for a more detailed description.

positional arguments:
  cipher-string

optional arguments:
  -h, --help  show this help message and exit
re-attempt rm'in "-all"
dsconf -D "cn=Directory Manager" testinst security ciphers set "+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"
Remeber to restart the server to apply the new cipher set.
(^^^^ fyi, typo)
Some ciphers may be disabled anyway due to allowWeakCipher attribute.
but, here
grep -i weak /etc/dirsrv/slapd-testinst/dse.ldif
allowWeakCipher: off
allowWeakDHParam: off
389-users@lists.fedoraproject.org
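Added example, not part of the original post and not 389-ds code: a cipher string that starts with "-all" is read as an option by a Python argparse parser, so the required positional goes missing, while a "--" separator lets it through; the second half splits the string the way the help text describes. It assumes dsconf parses arguments like argparse (the usage/error format suggests this); the parser, build_parser, try_parse and split_ciphers are hypothetical stand-ins, and the "--" behaviour is shown for this flat parser only, not verified against dsconf itself.

```python
import argparse

# The value from the post that triggered "arguments are required: cipher-string".
CIPHERS = ("-all,+TLS_CHACHA20_POLY1305_SHA256,"
           "+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256")


def build_parser():
    # Hypothetical stand-in for "ciphers set": one required positional argument.
    parser = argparse.ArgumentParser(prog="ciphers-set-demo")
    parser.add_argument("cipher_string", metavar="cipher-string")
    return parser


def try_parse(argv):
    """Return the parsed cipher string, or None when argparse rejects argv."""
    try:
        return build_parser().parse_args(argv).cipher_string
    except SystemExit:  # argparse prints usage to stderr and exits with status 2
        return None


def split_ciphers(value):
    """Split an nsSSL3Ciphers-style value into (has_default, enabled, disabled)."""
    tokens = [t.strip() for t in value.split(",") if t.strip()]
    has_default = bool(tokens) and tokens[0].lower() == "default"
    if has_default:
        tokens = tokens[1:]
    enabled, disabled = [], []
    for tok in tokens:
        if tok.startswith("+"):
            enabled.append(tok[1:])
        elif tok.startswith("-"):
            disabled.append(tok[1:])
        else:
            raise ValueError(f"cipher entry needs a + or - prefix: {tok!r}")
    return has_default, enabled, disabled


if __name__ == "__main__":
    print("leading '-all', no separator:", try_parse([CIPHERS]))
    print("leading '-all', after '--'  :", try_parse(["--", CIPHERS]))
    print("split:", split_ciphers(CIPHERS))
```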