You can configure the SSL or TLS protocol versions in the client environment to securely communicate with a directory server.
- Install the IBM® Security Verify Directory client package.
- Install GSKit, Version 8.0.55.29.
- Access the command line for your operating system.
- Set the value of the LDAP_OPT_SECURITY_PROTOCOL variable with the appropriate protocol values.
  Note: If you run the bash shell on a Windows system, you can follow the UNIX conventions.
  - To set the SSLv3, TLS 1.0, TLS 1.1, and TLS 1.2 protocols in an LDAP client environment:

    | Platform | Run this command: |
    | --- | --- |
    | AIX® and Linux® | `$ export LDAP_OPT_SECURITY_PROTOCOL=SSLV3,TLS10,TLS11,TLS12` |
    | Windows | `c:\> set LDAP_OPT_SECURITY_PROTOCOL=SSLV3,TLS10,TLS11,TLS12` |

  - To set the TLS 1.2 protocol in an LDAP client environment:

    | Platform | Run this command: |
    | --- | --- |
    | AIX and Linux | `$ export LDAP_OPT_SECURITY_PROTOCOL=TLS12` |
    | Windows | `c:\> set LDAP_OPT_SECURITY_PROTOCOL=TLS12` |
- Run the client utilities from the same console after you configure the protocols. For example:

  ```
  export LDAP_OPT_SECURITY_PROTOCOL=TLS12
  idsldapsearch -h server.com -p secure_port -Z -K clientkey.kdb \
    -P clientPWD -s base -b "" "objectclass=*" security
  security=ssltls
  ```
After you configure protocols in a client environment, configure the appropriate ciphers for the protocols. See Client utilities and ciphers.
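
The following check is an added example, not part of the original documentation: a POSIX shell function that can run before the client utilities to confirm that an LDAP_OPT_SECURITY_PROTOCOL value enables only TLS 1.2 and contains no mistyped token. It assumes the four token spellings shown on this page are the only recognized values; the function name `check_ldap_protocols` and the sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a LDAP_OPT_SECURITY_PROTOCOL value before running
# the client utilities. Assumption: only the four token spellings shown on
# this page (SSLV3, TLS10, TLS11, TLS12) are treated as recognized.

# check_ldap_protocols VALUE  (hypothetical helper name)
# Prints one finding per token and returns:
#   0 = TLS12 only, 1 = a legacy protocol is enabled,
#   2 = empty value or unrecognized token (for example a stray space)
check_ldap_protocols() (
    # The body is a subshell, so the IFS and globbing changes do not leak.
    value=$1
    result=0
    if [ -z "$value" ]; then
        echo "unset: no protocol list given"
        exit 2
    fi
    IFS=,
    set -f
    for token in $value; do
        case $token in
            TLS12)
                echo "ok: $token" ;;
            SSLV3|TLS10|TLS11)
                echo "legacy: $token"
                if [ "$result" -lt 1 ]; then result=1; fi ;;
            *)
                echo "unknown: '$token'"
                result=2 ;;
        esac
    done
    exit "$result"
)

# Constructed sample values, not taken from a real system.
for sample in "TLS12" "SSLV3,TLS10,TLS11,TLS12" "TLS12, TLS11"; do
    echo "== $sample"
    check_ldap_protocols "$sample" || echo "-> exit code $?"
done
```

In a wrapper script, call `check_ldap_protocols "$LDAP_OPT_SECURITY_PROTOCOL"` and stop on a non-zero return before invoking idsldapsearch.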