389-ds-base shipped with RHEL 6.9 and 7.3 introduces a new parameter: allowWeakDHParam
The network security services (NSS) libraries linked with the Red Hat Directory Server require a minimum of 2048-bit Diffie-Hellman (DH) encryption. However, Java 1.6 and 1.7 supports only 1024 bit DH encryption. As a consequence, clients using these Java versions were unable to connect to Directory Server using encrypted connections. This update adds the "allowWeakDHParam" parameter to the "cn=encryption,cn=config" entry. As a result, if this parameter is enabled, affected clients can connect using weak DH encryption.
Default value: off
For further details, see BZ#1327065
The update is now available on the Customer Portal.