Configuring ciphers for LDAP connections

This procedure describes how to configure ciphers for Control-M/EM on UNIX that connect to an LDAP server.

To configure ciphers for LDAP connections:

1. View the supported ciphers by running the following command:

   openssl ciphers -V

   You can also filter the ciphers according to a specific protocol by sending the protocol name as a parameter to this openssl command.

2. Limit the ciphers used by this SSL connection, by adding a parameter named TLS_CIPHER_SUITE to the <Control-M/EM Home Directory>/etc/ldap.conf file.

   The value of this parameter can specify the group of allowed ciphers.

   You can place single or group of ciphers as values for this option.

3. Use the following syntax between the ciphers and cipher groups:
   • : - include
   • :! – exclude
   • + - move to last in the cipher list

   EXAMPLE: TLSv1.2+RSA:!EXPORT:!NULL

   This value includes all TLSv1.2 ciphers, with the RSA ciphers at the bottom of the list, and excludes all export ciphers and null ciphers.