Bug 1413915 - New parameter: allowWeakDHParam
Summary: New parameter: allowWeakDHParam
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: Doc-config-command-file-reference
Version: 9.1
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Marc Muehlfeld
QA Contact: Viktor Ashirov
Depends On:
Reported: 2017-01-17 10:20 UTC by Marc Muehlfeld
Modified: 2017-03-22 06:53 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-03-22 06:53:57 UTC
Target Upstream Version:

Description Marc Muehlfeld 2017-01-17 10:20:14 UTC
389-ds-base shipped with RHEL 6.9 and 7.3 introduces a new parameter: allowWeakDHParam

The network security services (NSS) libraries linked with the Red Hat Directory Server require a minimum of 2048-bit Diffie-Hellman (DH) encryption. However, Java 1.6 and 1.7 support only 1024-bit DH encryption. As a consequence, clients using these Java versions were unable to connect to Directory Server using encrypted connections. This update adds the "allowWeakDHParam" parameter to the "cn=encryption,cn=config" entry. As a result, if this parameter is enabled, affected clients can connect using weak DH encryption.

Default value: off

For further details, see BZ#1327065
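
Added example, not part of the bug report or of Directory Server itself: an offline audit that reads an LDIF dump of the server configuration and reports whether the "cn=encryption,cn=config" entry has allowWeakDHParam enabled, coping with folded lines, base64 values and case or spacing differences in the DN. The sample LDIF is constructed, and the enabled value being spelled "on" is an assumption taken from the stated default of "off".

```python
import base64

ENCRYPTION_DN = "cn=encryption,cn=config"  # entry named in the bug description
ATTR = "allowweakdhparam"                  # LDAP attribute names are case-insensitive

# Constructed sample, not a real config: folded line and spaced DN on purpose.
SAMPLE = """\
dn: cn=config
nsslapd-security: on

dn: cn=encryption, cn=config
allowWeakDHPa
 ram: on
"""

def unfold(text):
    """Join LDIF continuation lines (lines that start with a single space)."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def parse_entries(text):
    """Yield each entry as {lowercased attribute name: [values]}."""
    entry = {}
    for line in unfold(text) + [""]:
        if not line.strip():              # blank line ends an entry
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value.strip())

def weak_dh_allowed(ldif_text):
    """True if the encryption entry sets allowWeakDHParam to on; absent means off."""
    for entry in parse_entries(ldif_text):
        dn = ",".join(p.strip().lower() for p in entry.get("dn", [""])[0].split(","))
        if dn == ENCRYPTION_DN:
            return entry.get(ATTR, ["off"])[-1].lower() == "on"
    return False

if __name__ == "__main__":
    print("weak DH allowed:", weak_dh_allowed(SAMPLE))
```

A True result means the server accepts DH parameters below the 2048-bit minimum described above, so it is worth tracking which legacy clients still require the setting.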

Comment 2 Marc Muehlfeld 2017-03-22 06:53:57 UTC
The update is now available on the Customer Portal.