<?xml version="1.0" encoding="utf-8"?>
|
<!--
|
! CDDL HEADER START
|
!
|
! The contents of this file are subject to the terms of the
|
! Common Development and Distribution License, Version 1.0 only
|
! (the "License"). You may not use this file except in compliance
|
! with the License.
|
!
|
! You can obtain a copy of the license at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE
|
! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
|
! See the License for the specific language governing permissions
|
! and limitations under the License.
|
!
|
! When distributing Covered Code, include this CDDL HEADER in each
|
! file and include the License file at
|
! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
|
! add the following below this CDDL HEADER, with the fields enclosed
|
! by brackets "[]" replaced with your own identifying information:
|
! Portions Copyright [yyyy] [name of copyright owner]
|
!
|
! CDDL HEADER END
|
!
|
!
|
! Copyright 2007-2008 Sun Microsystems, Inc.
|
! Portions Copyright 2011 ForgeRock AS
|
! -->
|
<adm:managed-object name="crypto-manager" plural-name="crypto-managers"
|
package="org.opends.server.admin.std"
|
xmlns:adm="http://www.opends.org/admin"
|
xmlns:ldap="http://www.opends.org/admin-ldap">
|
<adm:synopsis>
|
The
|
<adm:user-friendly-name />
|
provides a common interface for performing compression,
|
decompression, hashing, encryption and other kinds of cryptographic
|
operations.
|
</adm:synopsis>
|
<adm:tag name="security" />
|
<adm:profile name="ldap">
|
<ldap:object-class>
|
<ldap:name>ds-cfg-crypto-manager</ldap:name>
|
<ldap:superior>top</ldap:superior>
|
</ldap:object-class>
|
</adm:profile>
|
<adm:property name="digest-algorithm" advanced="true">
|
<adm:synopsis>
|
Specifies the preferred message digest algorithm for the directory server.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately and
|
only affect cryptographic operations performed after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>SHA-1</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-digest-algorithm</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="mac-algorithm" advanced="true">
|
<adm:synopsis>
|
Specifies the preferred MAC algorithm for the directory server.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but only
|
affect cryptographic operations performed after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>HmacSHA1</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-mac-algorithm</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="mac-key-length" advanced="true">
|
<adm:synopsis>
|
Specifies the key length in bits for the preferred MAC algorithm.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but only
|
affect cryptographic operations performed after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>128</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-mac-key-length</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="cipher-transformation" advanced="true">
|
<adm:synopsis>
|
Specifies the cipher for the directory server
|
using the syntax algorithm/mode/padding.
|
</adm:synopsis>
|
<adm:description>
|
The full transformation is required: specifying only an algorithm
|
and allowing the cipher provider to supply the default mode and
|
padding is not supported, because there is no guarantee these
|
default values are the same among different implementations.
|
Some cipher algorithms, including RC4 and ARCFOUR, do not have a
|
mode or padding, and hence must be specified using NONE for the
|
mode field and NoPadding for the padding field. For example,
|
RC4/NONE/NoPadding.
|
</adm:description>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but
|
only affect cryptographic operations performed after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>AES/CBC/PKCS5Padding</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-cipher-transformation</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="cipher-key-length" advanced="true">
|
<adm:synopsis>
|
Specifies the key length in bits for the preferred cipher.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but
|
only affect cryptographic operations performed after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>128</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:integer />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-cipher-key-length</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="key-wrapping-transformation" multi-valued="false" advanced="false">
|
<adm:synopsis>
|
The preferred key wrapping transformation for the directory server. This value must
|
be the same for all server instances in a replication topology.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property will take effect immediately but will
|
only affect cryptographic operations performed after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-key-wrapping-transformation</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="ssl-protocol" multi-valued="true">
|
<adm:synopsis>
|
Specifies the names of the SSL protocols that are allowed for
|
use in SSL or TLS communication.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but
|
only impact new SSL/TLS-based sessions created after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
Uses the default set of SSL protocols provided by the server's
|
JVM.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-ssl-protocol</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="ssl-cipher-suite" multi-valued="true">
|
<adm:synopsis>
|
Specifies the names of the SSL cipher suites that are allowed
|
for use in SSL or TLS communication.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but
|
only impact new SSL/TLS-based sessions created after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:alias>
|
<adm:synopsis>
|
Uses the default set of SSL cipher suites provided by the
|
server's JVM.
|
</adm:synopsis>
|
</adm:alias>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:string />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-ssl-cipher-suite</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property name="ssl-encryption">
|
<adm:synopsis>
|
Specifies whether SSL/TLS is used to provide encrypted
|
communication between two <adm:product-name /> server components.
|
</adm:synopsis>
|
<adm:requires-admin-action>
|
<adm:none>
|
<adm:synopsis>
|
Changes to this property take effect immediately but
|
only impact new SSL/TLS-based sessions created after the
|
change.
|
</adm:synopsis>
|
</adm:none>
|
</adm:requires-admin-action>
|
<adm:default-behavior>
|
<adm:defined>
|
<adm:value>false</adm:value>
|
</adm:defined>
|
</adm:default-behavior>
|
<adm:syntax>
|
<adm:boolean />
|
</adm:syntax>
|
<adm:profile name="ldap">
|
<ldap:attribute>
|
<ldap:name>ds-cfg-ssl-encryption</ldap:name>
|
</ldap:attribute>
|
</adm:profile>
|
</adm:property>
|
<adm:property-reference name="ssl-cert-nickname" />
|
</adm:managed-object>
|
