9.6. Setting the Minimum TLS Encryption Protocol Version

By default, Directory Server sets sslVersionMin parameter automatically based on the system-wide crypto policy. The following table provides an overview of the TLS version in sslVersionMin Directory Server uses based on the system-wide crypto policy profile:

For further details about system-wide crypto policy, how to change the profile, and opting-out services of system-wide crypto policies, see the Using system-wide cryptographic policies section in the RHEL 8 Security Hardening guide.

Alternatively, you can manually set sslVersionMin to higher value than the one defined in the crypto policy profile:

# dsconf -D "cn=Directory Manager" ldap://server.example.com security set --tls-protocol-min="TLS1.3"