To configure an MF Directory Server to force the use of a cipher suite list:
- Open the Enterprise Server Administration page.
- In the left pane under Configure, click
Security.
- Click the
MF Directory Server tab.
- Check
Restrict administration access.
- In the
Authenticated Client Sessions group, click
Use encrypted connections.
- In the
Secure Ports field, type a port number.
- Check
Use custom server ID certificates.
This enables you to specify a certificate and keyfile.
Note: If you do not specify a certificate and keyfile MF Directory Server uses the default certificate and keyfile created when
DemoCA was installed.
- By default, the
TLS honor server cipher list is checked. This forces clients to use the protocols and cipher suites specified in order of their priority.
Note: If the
TLS protocols and
Cipher suites list are not specified then it uses the default. The
TLS protocols field now supports TLS1.3. See
Configuring a TLS Protocols List
and
Configuring a Cipher Suites List
for more information.
- In the
TLS protocols field, type the list of protocols in order of priority, for example:
-ALL+SSL3+TLS1
- In the
Cipher suites field, type the list of cipher suites in order of priority, for example:
HIGH:!SSLv2:!RC4:!aNULL@STRENGTH
- Click
OK.
See
MF Directory Server Security for more information on configuration options.