@ Updating the List of Enabled Ciphers https://access.redhat.com/documentation/en-us/red_hat_directory_server/11/html/administration_guide/enabling_tls#idm140548437003312 exec dsconf -D "cn=Directory Manager" testinst security ciphers set "-all,+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" returns usage: dsconf instance security ciphers set [-h] cipher-string dsconf instance security ciphers set: error: the following arguments are required: cipher-string checking dsconf instance security ciphers set -h usage: dsconf instance security ciphers set [-h] cipher-string Use this command to directly set nsSSL3Ciphers attribute. It is a comma separated list of cipher names (prefixed with + or -), optionally including +all or -all. The attribute may optionally be prefixed by keyword default. Please refer to documentation of the attribute for a more detailed description. positional arguments: cipher-string optional arguments: -h, --help show this help message and exit re-attempt rm'in "-all" dsconf -D "cn=Directory Manager" testinst security ciphers set "+TLS_CHACHA20_POLY1305_SHA256,+TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" Remeber to restart the server to apply the new cipher set. (^^^^ fyi, typo) Some ciphers may be disabled anyway due to allowWeakCipher attribute. but, here grep -i weak /etc/dirsrv/slapd-testinst/dse.ldif allowWeakCipher: off allowWeakDHParam: off _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
