Red Hat 8.1 사용자 설명서
cn=encryption
75
Multi- or Single-Valued
Multi-valued
Defined in
Changelog Internet Draft
2.3.3. cn=encryption
Encryption related attributes are stored under the cn=encryption,cn=config entry. The
cn=encryption,cn=config
cn=encryption,cn=config
entry is an instance of the nsslapdEncryptionConfig object class.
2.3.3.1. nsSSLSessionTimeout
This attribute sets the lifetime duration of a TLS/SSL. The minimum timeout value is 5 seconds. If a
smaller value is set, then it is automatically replaced by 5 seconds. A value greater than the maximum
value in the valid range below is replaced by the maximum value in the range.
smaller value is set, then it is automatically replaced by 5 seconds. A value greater than the maximum
value in the valid range below is replaced by the maximum value in the range.
The server has to be restarted for changes to this attribute to go into effect.
Parameter
Description
Entry DN
cn=encryption, cn=config
Valid Range
5 seconds to 24 hours
Default Value
0, which means use the maximum value in the
valid range above.
valid range above.
Syntax
Integer
Example
nsSSLSessionTimeout: 5
2.3.3.2. nsSSLclientauth
This attribute sets how clients may use certificates to authenticate to the Directory Server for SSL
connections.
connections.
The server has to be restarted for changes to this attribute to go into effect.
Parameter
Description
Entry DN
cn=encryption, cn=config
Valid Values
off | allowed | required
off means disallow certificate-based
authentication
off means disallow certificate-based
authentication
allowed means clients may use certificates or
other forms of authentication
other forms of authentication
required means clients must use certificates for
authentication
authentication
Default Value
allowed
Syntax
DirectoryString
Example
nsSSLclientauth: allowed
2.3.3.3. nsSSL2
Supports SSL version 2. SSLv2 is deprecated, and Red Hat strongly discourages using it.
The server has to be restarted for changes to this attribute to go into effect.