search cancel

TLS cypher suites with CA LDAP Server not being picked from slapd.conf file

book

Article ID: 253252

calendar_today

Updated On:

Products

LDAP SERVER FOR Z/OS

Issue/Introduction

There is a parameter in ldap parameter file (slapd.conf named TLSSipherSuite.
When newer cypher suites were added, they were ingored.
What is needed to allow suites to be added?

Environment

Release : 15.1

Resolution

To be able to add the latest cipher suites maintenance is required. 

TLSCipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256:TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384:TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384:TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384:TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:TLS_DHE_RSA_WITH_AES_256_CBC_SHA256:TLS_DH_DSS_WITH_AES_256_CBC_SHA256:TLS_DH_RSA_WITH_AES_256_CBC_SHA256


The following PTFS and prereqs ware required to resolve the problem.

SO11651
SO07162
SO11230
SO11609
SO16322
SO16190
SO10105
SO06974