LdapClientTlsCipherSuite specifies the ciphers and cipher preference order that TDGSS accepts from OpenSSL, for use in the token exchange during directory user authentication.
Do not use this property without a full understanding of the effects of specifying a particular cipher. If you are not sure about the effect of this property, contact Teradata Professional Services for assistance.
|"" (default)||No ciphers are specified. Causes OpenLdap to use its default cipher suite.|
|A custom list of ciphers||Consult OpenSSL documentation for cipher list requirements.|
Supporting Mechanisms for LdapClientTlsCipherSuite
Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
|KRB5||May Be Edited|
To set a value you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.
- Before you configure this property, use the command openssl ciphers -v ALL to obtain a list of ciphers available from OpenSSL.
- If you configure this property, use a colon-separated list of ciphers, in preference order. The list must be in accordance with OpenSSL documentation.
- You can specify HIGH, MEDIUM, LOW, EXPORT, or EXPORT40 (instead of cipher names) to indicate a strength range for acceptable ciphers.
- You can specify TLSv1, SSLv3, or SSLv2 to indicate a cipher suite.
- If you decide to configure this property, edit the value for all mechanisms that have the AuthorizationSupported property set to yes.
- Edit this property on the database and the Unity server, if used. Also see Coordinating Mechanism Property Values for Unity.