Overview#
EDirectory TLS supports use of LDAPS and StartTLSEDirectory TLS and TLS Version
- TLS 1.3 - N/A (2018-10-03)
- TLS 1.2
- EDirectory 9.0.0.0 (40002.79) and Later
- TLS 1.1
- EDirectory 9.0.0.0 (40002.79) and Later
- TLS 1.0
- EDirectory 9.0.0.0 (40002.79) and Later
- EDirectory 8.8.8.0 (20801.46) and Later
- SSLv3
- EDirectory 8.8.8.0 (20801.46) - Enabled by default for LDAPS. SSLv3 support can be disabled in iManager using the LDAP Options role.
- EDirectory 9.0.0.0 (40002.79) - By default, eDirectory is in FIPS mode which will not allow SSLv3 ciphers. To disable FIPS mode and allow SSLv3 handshakes, pass n4u.server.fips_tls=0 as a parameter for the ndsconfig set command and restart the server.
- SSLv2:
- EDirectory 8.8.8.0 (20801.46) - has always been disabled and cannot be manually re-enabled.
- EDirectory 9.0.0.0 (40002.79) - in FIPS mode which will not allow SSLv2. However, the server can still be configured to allow it.
all earlier versions of eDirectory have several Vulnerability
