Name

dsconfig set-crypto-manager-prop — Modifies Crypto Manager properties

Synopsis

dsconfig set-crypto-manager-prop {options}

Crypto Manager

Crypto Managers of type crypto-manager have the following properties:

cipher-key-length
Description

Specifies the key length in bits for the preferred cipher.

Default Value

128

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

cipher-transformation
Description

Specifies the cipher for the directory server using the syntax algorithm/mode/padding. The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding.

Default Value

AES/CBC/PKCS5Padding

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

digest-algorithm
Description

Specifies the preferred message digest algorithm for the directory server.

Default Value

SHA-256

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately and only affect cryptographic operations performed after the change.

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

key-wrapping-transformation
Description

The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology.

Default Value

RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change.

Advanced Property

No

Read-only

No

mac-algorithm
Description

Specifies the preferred MAC algorithm for the directory server.

Default Value

HmacSHA256

Allowed Values

A String

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

mac-key-length
Description

Specifies the key length in bits for the preferred MAC algorithm.

Default Value

128

Allowed Values

An integer value. Lower value is 0.

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only affect cryptographic operations performed after the change.

Advanced Property

Yes (Use --advanced in interactive mode.)

Read-only

No

ssl-cert-nickname
Description

Specifies the nicknames (also called the aliases) of the keys or key pairs that the Crypto Manager should use when performing SSL communication. The property can be used multiple times (referencing different nicknames) when server certificates with different public key algorithms are used in parallel (for example, RSA, DSA, and ECC-based algorithms). When a nickname refers to an asymmetric (public/private) key pair, the nickname for the public key certificate and associated private key entry must match exactly. A single nickname is used to retrieve both the public key and the private key. This is only applicable when the Crypto Manager is configured to use SSL.

Default Value

Let the server decide.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

The Crypto Manager must be disabled and re-enabled for changes to this setting to take effect

Advanced Property

No

Read-only

No

ssl-cipher-suite
Description

Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication.

Default Value

Uses the default set of SSL cipher suites provided by the server's JVM.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No

ssl-encryption
Description

Specifies whether SSL/TLS is used to provide encrypted communication between two OpenDJ server components.

Default Value

false

Allowed Values

true

false

Multi-valued

No

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No

ssl-protocol
Description

Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication.

Default Value

Uses the default set of SSL protocols provided by the server's JVM.

Allowed Values

A String

Multi-valued

Yes

Required

No

Admin Action Required

None

Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change.

Advanced Property

No

Read-only

No