Setting Security Preferences434 Red Hat Directory Server Administrator’s Guide • May 2005When a client initiates an SSL connection with a server, the client tells the serverwhat ciphers it prefers to use to encrypt information. In any two-way encryptionprocess, both parties must use the same ciphers. There are a number of ciphersavailable. Your server needs to be able to use the ciphers that will be used byclient applications connecting to the server.Directory Server provides the following SSL 3.0 ciphers:• RC4 cipher with 40-bit encryption and MD5 message authentication.• RC2 cipher with 40-bit encryption and MD5 message authentication.• No encryption, only MD5 message authentication.• DES with 56-bit encryption and SHA message authentication.• RC4 cipher with 128-bit encryption and MD5 message authentication.• Triple DES with 168-bit encryption and SHA message authentication.• FIPS DES with 56-bit encryption and SHA message authentication. Thiscipher meets the FIPS 140-1 U.S. government standard for implementations ofcryptographic modules.• FIPS Triple DES with 168-bit encryption and SHA message authentication.This cipher meets the FIPS 140-1 US government standard forimplementations of cryptographic modules.To select the ciphers you want the server to use:1. Make sure SSL is enabled for your server.For information, see “Starting the Server with SSL Enabled,” on page 428.2. In the Directory Server Console, select the Configuration tab, and then selectthe topmost entry in the navigation tree in the left pane.3. Select the Encryption tab in the right pane.This displays the current server encryption settings.4. Click Cipher Settings.The Cipher Preference dialog box is displayed.5. In the Cipher Preference dialog box, specify which ciphers you want yourserver to use by selecting them from the list, and click OK.Unless you have a security reason not to use a specific cipher, you shouldselect all of the ciphers, except for none,MD5.6. In the Encryption tab, click Save.
