Manualshelf

HP-UX Directory Server 8.1 administrator guide

ManualsBrandsHP ManualsSoftwareHP-UX Directory Server
481482483484485486487488489490
use the same ciphers. There are a number of ciphers available. The server needs to be able to use
the ciphers that will be used by client applications connecting to the server.
12.6.1 Available ciphers
This section lists information about the available ciphers for Directory Server encryption. Each
cipher has the following information:
Directory Server name
The name of the cipher suite used when configuring the Directory Server. The Directory
Server uses this name both internally and in the Directory Server Console.
Key exchange
The key exchange algorithm. DHE stands for Diffie-Hellman; DSS stands for Digital Signature
Standard. The 1024 bit ciphers are lower strength ciphers formerly used for export control.
Encryption Algorithm
AES stands for the American Encryption Standard. DES stands for Data Encryption Standard.
Symmetric Key Bit Size
The size in bits of the key used for the actual transport data encryption.
Message Authentication
SHA stands for Secure Hash Algorithm.
The Mozilla site, http://www.mozilla.org/projects/security/pki/nss/nss-3.11/
nss-3.11-algorithms.html for definitions and explanations of the encryption algorithms.
NOTE:
Directory Server supports ciphers for TLSv1 (recommended) and SSLv3. SSLv2 support is
deprecated and not enabled by default in Directory Server.
Directory Server provides the following TLSv1 ciphers:
Table 12-3 TLSv1 ciphers
Message
authentication
Symmetric
key bit size
Encryption
algorithm
Key exchangeDirectory Server name
SHA128AESDHE with DHStls_dhe_dss_aes_128_sha
SHA128AESDHE with RSAtls_dhe_rsa_aes_128_sha
SHA256AESRSAtls_rsa_aes_256_sha
SHA256AESDHE with DSStls_dhe_dss_aes_256_sha
SHA256AESDHE with RSAtls_dhe_rsa_aes_256_sha
SHA56RC4DHE with DSS 1024 bit
public key
tls_dhe_dss_1024_rc4_sha
SHA128RC4DHE with DSStls_dhe_dss_rc4_128_sha
SHA56RC4RSA with 1024 bit
public key
tls_rsa_export1024_with_rc4_56_sha
SHA56DESRSA with 1024 bit
public key
tls_rsa_export1024_with_des_cbc_sha
Directory Server provides the following SSLv3 ciphers:
488 Managing SSL