Configuring the MF Directory Server to use TLS Protocols and Cipher Suites

To configure an MF Directory Server to force the use of a cipher suite list:

  1. Open the Enterprise Server Administration page.
  2. In the left pane under Configure, click Security.
  3. Click the MF Directory Server tab.
  4. Check Restrict administration access.
  5. In the Authenticated Client Sessions group, click Use encrypted connections.
  6. In the Secure Ports field, type a port number.
    • Check Use custom server ID certificates.
      This enables you to specify a certificate and keyfile.
      Note: If you do not specify a certificate and keyfile, MF Directory Server uses the default certificate and keyfile created when DemoCA was installed.
  7. By default, TLS honor server cipher list is checked. This forces clients to use the specified protocols and cipher suites, in order of their priority.
    Note: If the TLS protocols and Cipher suites lists are not specified, the defaults are used. The TLS protocols field now supports TLS1.3. See Configuring a TLS Protocols List and Configuring a Cipher Suites List for more information.
  8. In the TLS protocols field, type the list of protocols in order of priority, for example:
    -ALL+SSL3+TLS1
  9. In the Cipher suites field, type the list of cipher suites in order of priority, for example:
    HIGH:!SSLv2:!RC4:!aNULL@STRENGTH
  10. Click OK.

See MF Directory Server Security for more information on configuration options.
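
A check on the values typed in steps 8 and 9, as an added example that is not part of the original documentation or the product: it reports deprecated protocols left enabled by the TLS protocols value and weak keywords or a missing aNULL exclusion in the Cipher suites value. The +NAME/-NAME grammar is inferred from the page's own example, SSL2 and TLS1.1 are assumed spellings, and the function names enabled_protocols and audit are hypothetical.

```python
import re

# SSL 3.0 is deprecated by RFC 7568, TLS 1.0 and 1.1 by RFC 8996.
# SSL3 and TLS1 are the page's spellings; "SSL2" and "TLS1.1" are assumed ones.
DEPRECATED = {"SSL2", "SSL3", "TLS1", "TLS1.1"}
# OpenSSL cipher-string keywords that select weak or unauthenticated suites.
WEAK = {"LOW", "MEDIUM", "EXPORT", "NULL", "eNULL", "aNULL", "RC4", "DES", "3DES", "MD5"}

def enabled_protocols(spec):
    """Apply +NAME / -NAME tokens left to right (grammar assumed from the page's example)."""
    if not re.fullmatch(r"(?:[+-][A-Za-z0-9.]+)+", spec):
        raise ValueError(f"unrecognised protocol list: {spec!r}")
    enabled = set()
    for op, name in re.findall(r"([+-])([A-Za-z0-9.]+)", spec):
        name = name.upper()
        if op == "+":
            enabled.add(name)      # +ALL is kept as the literal marker "ALL"
        elif name == "ALL":
            enabled.clear()        # -ALL starts from an empty set
        else:
            enabled.discard(name)
    return enabled

def audit(protocols, ciphers):
    """Return a list of findings for the two Security-page field values."""
    findings = []
    on = enabled_protocols(protocols)
    for name in sorted(on & DEPRECATED):
        findings.append(f"protocol {name} is enabled but deprecated")
    if "ALL" in on:
        findings.append("protocol set depends on what ALL expands to on this build")
    # Split on separators; a trailing '@RULE' (as in '!aNULL@STRENGTH') is its own item.
    items = [i for i in re.split(r"[:, ]+|(?=@)", ciphers) if i]
    banned = {i[1:] for i in items if i.startswith("!")}
    for item in items:
        # Only plain additions are checked; combined A+B selectors are not evaluated.
        if item[0] not in "!-+@" and item in WEAK:
            findings.append(f"cipher keyword {item} selects weak suites")
    if "aNULL" not in banned:
        findings.append("anonymous (aNULL) suites are not excluded")
    return findings

if __name__ == "__main__":
    # The two example values from steps 8 and 9 of the procedure above.
    for line in audit("-ALL+SSL3+TLS1", "HIGH:!SSLv2:!RC4:!aNULL@STRENGTH"):
        print(line)
```

Run against the page's example values, it reports SSL3 and TLS1 as enabled and nothing for the cipher string.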