Red Hat Directory Server 8.0 Administrator's Guide

Console.
Key exchange. The key exchange algorithm. DHE stands for Diffie-Hellman; DSS stands for
Digital Signature Standard. The 1024 bit ciphers are lower strength ciphers formerly used for
export control.
Encryption Algorithm. AES stands for the American Encryption Standard. DES stands for
Data Encryption Standard.
Symmetric Key Bit Size. The size in bits of the key used for the actual transport data
encryption.
Message Authentication. SHA stands for Secure Hash Algorithm.
See the Mozilla site,
http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html, for definitions
and explanations of the encryption algorithms.
NOTE
Directory Server supports ciphers for TLSv1 (recommended) and SSLv3. SSLv2
support is deprecated and not enabled by default in Directory Server.
Directory Server provides the following TLSv1 ciphers:
Directory Server Name                Key Exchange                      Encryption Algorithm  Symmetric Key Bit Size  Message Authentication
-----------------------------------  --------------------------------  --------------------  ----------------------  ----------------------
tls_dhe_dss_aes_128_sha              DHE with DSS                      AES                   128                     SHA
tls_dhe_rsa_aes_128_sha              DHE with RSA                      AES                   128                     SHA
tls_rsa_aes_256_sha                  RSA                               AES                   256                     SHA
tls_dhe_dss_aes_256_sha              DHE with DSS                      AES                   256                     SHA
tls_dhe_rsa_aes_256_sha              DHE with RSA                      AES                   256                     SHA
tls_dhe_dss_1024_rc4_sha             DHE with DSS 1024 bit public key  RC4                   56                      SHA
tls_dhe_dss_rc4_128_sha              DHE with DSS                      RC4                   128                     SHA
tls_rsa_export1024_with_rc4_56_sha   RSA with 1024 bit public key      RC4                   56                      SHA
tls_rsa_export1024_with_des_cbc_sha  RSA with 1024 bit public key      DES                   56                      SHA
Table 11.2. TLSv1 Ciphers
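
The following is an added example, not part of the Red Hat guide: it decodes the cipher names in Table 11.2 into the columns defined above and reports which enabled entries of a cipher preference list use the lower strength 56-bit keys. The name grammar is inferred from the nine table entries, the `+`/`-` list form is the one used by the nsSSL3Ciphers attribute, and the function names, the sample value and the 128-bit threshold are assumptions made for illustration.

```python
import re

# Name grammar inferred from the nine entries in Table 11.2 (not an official grammar).
NAME_RE = re.compile(
    r"^tls_(?P<kx>dhe_dss|dhe_rsa|rsa)_"
    r"(?P<export>(?:export)?1024_(?:with_)?)?"
    r"(?P<alg>aes|rc4|des)(?:_cbc)?(?:_(?P<bits>\d+))?_(?P<mac>sha)$"
)

def parse_cipher(name):
    """Return the table columns for one cipher name, or None if it does not fit."""
    m = NAME_RE.match(name.strip().lower())
    if not m:
        return None
    export = m.group("export") is not None
    if m.group("bits"):
        bits = int(m.group("bits"))
    elif export:
        # The 1024 bit public key entries use a 56-bit symmetric key even when
        # the name omits it (tls_dhe_dss_1024_rc4_sha, ..._with_des_cbc_sha).
        bits = 56
    else:
        return None
    return {"key_exchange": m.group("kx"), "export": export,
            "algorithm": m.group("alg").upper(), "bits": bits,
            "mac": m.group("mac").upper()}

def audit(preference, min_bits=128):
    """List enabled ciphers in a '+name,-name' string that fall below min_bits."""
    findings = []
    for item in preference.split(","):
        item = item.strip()
        if not item.startswith("+"):
            continue  # entries prefixed with '-' are disabled
        info = parse_cipher(item[1:])
        if info and (info["export"] or info["bits"] < min_bits):
            findings.append((item[1:], f'{info["algorithm"]} {info["bits"]}'))
    return findings

# Constructed sample preference list; not taken from a real server.
SAMPLE = ("+tls_rsa_aes_256_sha,+tls_dhe_dss_1024_rc4_sha,"
          "-tls_rsa_export1024_with_rc4_56_sha,+tls_rsa_export1024_with_des_cbc_sha")

if __name__ == "__main__":
    for name, detail in audit(SAMPLE):
        print(f"weak cipher enabled: {name} ({detail})")
```

Names that do not follow the TLSv1 pattern of this table are skipped by `audit` rather than guessed at.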