The provides a common interface for performing compression, decompression, hashing, encryption and other kinds of cryptographic operations. ds-cfg-crypto-manager top Specifies the preferred message digest algorithm for the directory server. Changes to this property take effect immediately and only affect cryptographic operations performed after the change. SHA-256 ds-cfg-digest-algorithm Specifies the preferred MAC algorithm for the directory server. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. HmacSHA256 ds-cfg-mac-algorithm Specifies the key length in bits for the preferred MAC algorithm. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. 128 ds-cfg-mac-key-length Specifies the cipher for the directory server using the syntax algorithm/mode/padding. The full transformation is required: specifying only an algorithm and allowing the cipher provider to supply the default mode and padding is not supported, because there is no guarantee these default values are the same among different implementations. Some cipher algorithms, including RC4 and ARCFOUR, do not have a mode or padding, and hence must be specified using NONE for the mode field and NoPadding for the padding field. For example, RC4/NONE/NoPadding. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. AES/CBC/PKCS5Padding ds-cfg-cipher-transformation Specifies the key length in bits for the preferred cipher. Changes to this property take effect immediately but only affect cryptographic operations performed after the change. 128 ds-cfg-cipher-key-length The preferred key wrapping transformation for the directory server. This value must be the same for all server instances in a replication topology. Changes to this property will take effect immediately but will only affect cryptographic operations performed after the change. RSA/ECB/OAEPWITHSHA-1ANDMGF1PADDING ds-cfg-key-wrapping-transformation Specifies the names of the SSL protocols that are allowed for use in SSL or TLS communication. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. Uses the default set of SSL protocols provided by the server's JVM. ds-cfg-ssl-protocol Specifies the names of the SSL cipher suites that are allowed for use in SSL or TLS communication. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. Uses the default set of SSL cipher suites provided by the server's JVM. ds-cfg-ssl-cipher-suite Specifies whether SSL/TLS is used to provide encrypted communication between two server components. Changes to this property take effect immediately but only impact new SSL/TLS-based sessions created after the change. false ds-cfg-ssl-encryption