Tivoli Directory Server Version 6.3, Fix Pack 17. Support for NIST SP A

Transcription

1 Tivoli Directory Server Version 6.3, Fix Pack 17 Support for NIST SP A

2

3 Tivoli Directory Server Version 6.3, Fix Pack 17 Support for NIST SP A

4 Note Before using this information and the product it supports, read the general information under Appendix D, Notices, on page 49. Edition notice Note: This edition applies to Version 6.3, Fix Pack 17 of IBM Tivoli Directory Server and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright International Business Machines Corporation Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

5 Contents About this publication v Access to publications and terminology v Accessibility vii Technical training vii Support information vii National Institute of Standards and Technology Special Publication A guidelines 1 System requirements and supported software versions Support for the transition to NIST SP A Configuration settings for a secure directory server Tivoli Directory Server with the SSL and TLS protocols Configuring a secure directory server with protocols and ciphers TLS 1.2 signature and hash algorithms Configuring the TLS 1.2 signature and hash algorithm restriction Tivoli Directory Server with Suite B mode Configuring Suite B mode in Tivoli Directory Server Support for NIST SP A features and directory server topologies Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities Client utilities with SSL and TLS protocols Configuring protocols in a client environment Client utilities and ciphers Configuring ciphers in a client environment Client utilities and TLS 1.2 signature and hash algorithms Configuring the TLS 1.2 signature and hash algorithm restriction in a client environment Client utilities and Suite B mode Configuring Suite B mode in a client environment Application programming interfaces LDAP_SET_OPTION LDAP_SSL_SET_EXTN_SIGALG LDAP_SSL_SET_SUITEB_MODE Migration considerations Interoperability with the previous versions of Tivoli Directory Server Behavior changes in Tivoli Directory Server, version 6.3, Fix Pack Appendix A. Protocols and ciphers in Tivoli Directory Server, version 6.3, Fix Pack 17 or later Appendix B. Protocols and ciphers in Tivoli Directory Server, version or previous versions Appendix C. References Appendix D. Notices Glossary Index iii

6 iv Directory Server: Support for NIST SP A

7 About this publication IBM Tivoli Directory Server is an IBM implementation of Lightweight Directory Access Protocol for the following operating systems: v Microsoft Windows v AIX v Linux (System x, System z, System p, and System i ) v Solaris v Hewlett-Packard UNIX (HP-UX) (Itanium) IBM Tivoli Directory Server, version 6.3, Fix Pack 17 Support for NIST SP A describes NIST SP A, support for the transition to NIST SP A guidelines, and migration considerations. Access to publications and terminology This section provides: v A list of publications in the IBM Tivoli Directory Server Version 6.3 library. v Links to Online publications on page vi. v A link to the IBM Terminology website on page vi. IBM Tivoli Directory Server Version 6.3 library The following documents are available in the IBM Tivoli Directory Server Version 6.3 library: v IBM Tivoli Directory Server Version 6.3 What's New for This Release, GC Provides information about the new features in the IBM Tivoli Directory Server Version 6.3 release. v IBM Tivoli Directory Server Version 6.3 Quick Start Guide, GI Provides help for getting started with IBM Tivoli Directory Server, version 6.3. Includes a short product description and architecture diagram, and a pointer to the product Information Center and installation instructions. v IBM Tivoli Directory Server Version 6.3 System Requirements, SC Provides the minimum hardware and software requirements for installing and using IBM Tivoli Directory Server, version 6.3 and its related software. This document lists the supported versions of corequisite products such as DB2 and GSKit. v IBM Tivoli Directory Server Version 6.3 Installation and Configuration Guide, SC Contains complete information for installing, configuring, and uninstalling IBM Tivoli Directory Server. Includes information about upgrading from a previous version of IBM Tivoli Directory Server. v IBM Tivoli Directory Server Version 6.3 Administration Guide, SC Contains instructions for performing administrator tasks through the Web Administration tool and the command line. v IBM Tivoli Directory Server Version 6.3 Command Reference, SC Describes the syntax and usage of the command-line utilities included with IBMTivoli Directory Server. v

8 v IBM Tivoli Directory Server Version 6.3 Server Plug-ins Reference, SC Contains information about writing server plug-ins. v IBM Tivoli Directory Server Version 6.3 Programming Reference, SC Contains information about writing Lightweight Directory Access Protocol (LDAP) client applications in C and Java. v IBM Tivoli Directory Server Version 6.3 Performance Tuning and Capacity Planning Guide, SC Contains information about tuning the directory server for better performance. Describes disk requirements and other hardware requirements for directories of different sizes and with various read and write rates. Describes known working scenarios for each of these levels of directory and the disk and memory used; also suggests rules of thumb. v IBM Tivoli Directory Server Version 6.3 Problem Determination Guide, GC Contains information about possible problems and corrective actions that can be taken before contacting IBM Software Support. v IBM Tivoli Directory Server Version 6.3 Messages Guide, GC Contains a list of all informational, warning, and error messages associated with IBM Tivoli Directory Server, version 6.3. v IBM Tivoli Directory Server Version 6.3 White Pages, SC Describes the Directory White Pages application, which is provided with IBM Tivoli Directory Server, version 6.3. Contains information about installing, configuring, and using the application for both administrators and users. Online publications IBM posts product publications when the product is released and when the publications are updated at the following locations: IBM Tivoli Directory Server Information Center The com.ibm.ibmds.doc/welcome.htm site displays the information center welcome page for this product. IBM Security Information Center The site displays an alphabetical list of and general information about all IBM Security product documentation. IBM Publications Center The pbi.wss site offers customized search functions to help you find all the IBM publications you need. IBM Terminology website The IBM Terminology website consolidates terminology for product libraries in one location. You can access the Terminology website at software/globalization/terminology. vi Directory Server: Support for NIST SP A

9 Accessibility Technical training Support information Accessibility features help users with a physical disability, such as restricted mobility or limited vision, to use software products successfully. With this product, you can use assistive technologies to hear and navigate the interface. You can also use the keyboard instead of the mouse to operate all features of the graphical user interface. Visit the IBM Accessibility Center at accessibility/ for more information about IBM s commitment to accessibility. For additional information, see the Accessibility Appendix in the IBM Tivoli Directory Server Version 6.3 Installation and Configuration Guide. For technical training information, see the following IBM Education website at IBM Support provides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access the IBM Software Support site at IBM Tivoli Directory Server Version 6.3 Problem Determination Guide provides details about: v What information to collect before contacting IBM Support. v The various methods for contacting IBM Support. v How to use IBM Support Assistant. v Instructions and problem-determination resources to isolate and fix the problem yourself. Note: The Community and Support tab on the product information center can provide additional support resources. IBM Support Assistant The IBM Support Assistant is a free local software serviceability workbench that helps you resolve questions and problems with IBM software products. Support Assistant provides quick access to support-related information and serviceability tools for problem determination. To install the Support Assistant software, go to support/isa. About this publication vii

10 viii Directory Server: Support for NIST SP A

11 National Institute of Standards and Technology Special Publication A guidelines For the transition to NIST SP A guidelines, you must identify the security requirements that the LDAP environment must conform. National Institute of Standards and Technology (NIST) Special Publication (SP) A guidelines provide cryptographic key management guidance. These guidelines include: v Key management procedures. v How to use cryptographic algorithms. v Algorithms to use and their minimum strengths. v Key lengths for secure communications. For more information about NIST SP A, see Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths at the website. Suite B mode is a restrictive subset of the SP A specification. Suite B defines the cryptographic algorithm policies to use with the Transport Layer Security (TLS) protocol for national security applications. For more information about Suite B, see Suite B Profile for Transport Layer Security (TLS) RFC 6460 at the website. Government agencies and financial institutions use the NIST SP A guidelines to ensure that the products conform to specified security requirements. 1

12 2 Directory Server: Support for NIST SP A

13 System requirements and supported software versions To install and use IBM Tivoli Directory Server and its related software, your computer must meet the minimum system requirements. There are specific hardware and software requirements that a system must meet to install Tivoli Directory Server, version 6.3 Fix Pack 17. Tivoli Directory Server can function as a full directory server, proxy server, client only, or administration and management console. The system requirements might vary based on your usage of Tivoli Directory Server. Upgrade to Tivoli Directory Server, version 6.3, Fix Pack 17 For the transition to National Institute of Standards and Technology (NIST) SP A, you must upgrade to IBM Tivoli Directory Server, version 6.3, Fix Pack 17. You must upgrade the prerequisite software to the level specified in the "Tested environments" section of the Fix Pack 17 README file. You can download the Fix Pack 17 README file from the swg/selectfixes?parent=ibm~tivoli&product=ibm/tivoli/tivoli+directory+server &release= &platform=all&function=all website. Note: In IBM Tivoli Directory Server, version 6.3, Fix Pack 17, the Web Administration tool and the White Pages application do not support the transition to NIST SP A. Support for NIST SP A with Tivoli Directory Server, version 6.2 or previous versions In Tivoli Directory Server, version 6.2 or previous versions, transition to NIST SP A is not supported. To support NIST SP A, you must upgrade to IBM Tivoli Directory Server, version 6.3, Fix Pack 17 and install IBM Global Security Kit (GSKit), version or later. To upgrade from Tivoli Directory Server, version 6.2 or previous versions, you must first migrate to Tivoli Directory Server, version 6.3, general availability (GA). After you finish the migration, upgrade to Tivoli Directory Server, version 6.3, Fix Pack 17. For more information about the Tivoli Directory Server, version 6.3, GA system requirements, see IBM Tivoli Directory Server Version 6.3 System Requirements at the %2Fcom.ibm.IBMDS.doc%2Fsysreq.htm website. For information about migrating from Tivoli Directory Server, version 6.2 or previous versions to Tivoli Directory Server, version 6.3, GA, see IBM Tivoli Directory Server Version 6.3 Installation and Configuration Guide at the index.jsp?topic=%2fcom.ibm.ibmds.doc%2finstall39.htm&path%3d8_3_6 website. 3

14 4 Directory Server: Support for NIST SP A

15 Support for the transition to NIST SP A You must identify the protocol, cryptographic algorithms, and key lengths that are required for the transition to NIST SP A. For the transition to NIST SP A guidelines, IBM Tivoli Directory Server, version 6.3, Fix Pack 17 supports: v The Transport Layer Security (TLS) 1.2 protocol. v Disabling protocols other than TLS 1.2. v Public keys with the following key strengths: The RSA keys with a minimum size of 2048 bits. The elliptic curve (EC) keys with a minimum size of 160-bits or curve p160. v v v v Certificates with the RSA keys 2048-bits or higher or with the EC keys 160-bits or curve p160 or higher. Digital signatures with a minimum of SHA2 encryption algorithm. Setting the TLS 1.2 signature and hash algorithm restrictions. Suite B mode. When you upgrade to Tivoli Directory Server, version 6.3, Fix Pack 17, the support for the transition to NIST SP A are disabled by default. To set features, such as TLS 1.2 signature and hash algorithms or Suite B mode, you must configure a directory server for secure connections over a secure port. These features are not supported when you configure a directory server for secure connections over an unsecured port. When you configure a server for secure connections over a secure port, the server uses the Transport Layer Security (TLS) protocol and not the Start TLS extended operation. For more information about the TLS protocol and the Start TLS extended operation, see Difference between the TLS protocol and the Start TLS extended operation in Tivoli Directory Server on page 7. Configuration settings for a secure directory server You must identify the configuration settings that are required to configure a directory server for secure communications. To configure a directory server for secure communications, you must set the required attributes in the cn=ssl,cn=configuration entry of the configuration file. If a directory server supports the Federal Information Processing Standards (FIPS) mode enablement, you can configure the server to start in FIPS processing mode. If you set the FIPS processing mode, the server uses: v v v v The certified encryption algorithms from the ICC FIPS-certified library for encryption. The most secure ciphers that are supported by FIPS. Only the TLS protocol to secure the communication between the server and a client. Ciphers that are most secure for the specific version of the TLS protocol. 5

16 Table 1. Attributes for FIPS processing mode Attributes ibm-slapdsecurity ibm-slapdsslfipsmodeenabled ibm-slapdsslfipsprocessingmode ibm-slapdsslauth ibm-slapdsslcertificate ibm-slapdsslkeydatabase ibm-slapdsslkeydatabasepw Values SSL SSLOnly SSLTLS TLS true (true by default) true serverclientauth serverauth certificate_label keydatabasefile_with_path keydatabasefile_password ibm-slapdsecurity Specifies the type of connections a server accepts. Choose one of the following values: v v v SSL specifies the server to accept connections on a secure port for secure communications. The server also accepts nonsecure communication on an unsecured port. SSLOnly specifies the server to accept connections only on a secure port for secure communications. SSLTLS specifies the server to accept connections on a secure port and an unsecured port for secure communications. The server also accepts nonsecure communication on an unsecured port. v TLS specifies the server to accept connections on an unsecured port for secure communication and nonsecure communication. ibm-slapdsslfipsmodeenabled Specifies whether the server is using the ICC version of GSKit libraries. Choose one of the following values: v true specifies the server uses the ICC version of GSKit libraries. v false specifies the server uses the BSAFE version. ibm-slapdsslfipsprocessingmode Specifies whether the server is operating in FIPS mode. Choose one of the following values: v true specifies the server runs in FIPS processing mode. v false specifies the server deactivates FIPS processing mode. ibm-slapdsslauth Specifies the authentication type for secure connections. Choose one of the following values: v serverclientauth supports server and client authentication. v serverauth supports server authentication at the client. ibm-slapdsslcertificate Specifies the label to identify the personal certificate of a server in a key database file. ibm-slapdsslkeydatabase Specifies the file path to the key database file of an LDAP server. ibm-slapdsslkeydatabasepw Specifies the password for the key database file of an LDAP server. 6 Directory Server: Support for NIST SP A

17 To configure a secure server, do not set the ibm-slapdsslfipsprocessingmode attribute to true unless you want to start the server in FIPS processing mode. Difference between the TLS protocol and the Start TLS extended operation in Tivoli Directory Server In a directory server environment, you can secure connections by setting the ibm-slapdsecurity attribute in the cn=ssl,cn=configuration entry to one of the following values: SSL, SSLOnly, SSLTLS, or TLS. To secure connections with the TLS protocol over a secure port, you must set the ibm-slapdsecurity attribute to SSL or SSLOnly. To send a secure connection request with the TLS protocol to a server, run a client utility with the -Z parameter and connect over a secure port. Note: If you run a client utility with the -Z parameter and send a request with the TLS protocol over an unsecured port, the request fails. To secure connections with thestart TLS extended operation over an unsecured port, you must set the ibm-slapdsecurity attribute to TLS. To send the Start TLS extended operation request to a server, run a client utility with the -Y parameter. When you specify the -Y parameter, the client utility uses the Start TLS extended operation. It uses the TLS protocol internally to secure the connection with the server. Note: If you run a client utility with the -Y parameter and send a request with the Start TLS extended operation over a secure port, the request fails. When you set the ibm-slapdsecurity attribute to SSLTLS, the server can accept the TLS protocol or the Start TLS extended operation. When you run a client utility with the -Z parameter and connect on a secure port, the server and client use the TLS protocol. When you run a client utility with the -Y parameter and connect on an unsecured port, the server and client use the Start TLS extended operation. Tivoli Directory Server with the SSL and TLS protocols You can configure a directory server with the SSL and TLS protocols. You must identify and set the required protocols that meet your LDAP environment security requirements. In IBM Tivoli Directory Server, version 6.3, Fix Pack 17, you can configure a server for secure communications with the SSLv3, TLS 1.0, TLS 1.1, and TLS 1.2 protocols. Note: When you configure a directory server for secure communications, the server uses the SSLv3/TLS 1.0 protocol suite or the Start TLS extended operation to secure connections. The TLS 1.1 and TLS 1.2 protocols are disabled by default. SSLv3, TLS 1.0, TLS 1.1, or TLS 1.2 protocols To use the SSLv3, TLS 1.0, TLS 1.1, and TLS 1.2 protocols or to use only the TLS 1.2 protocol, you must set the IBMSLAPD_SECURITY_PROTOCOL variable with an appropriate value. To configure a directory server with the SSLv3, TLS 1.0, TLS 1.1, ortls 1.2 protocol, you must specify the appropriate ciphers in the configuration file. In a Support for the transition to NIST SP A 7

18 directory server configuration file, the ciphers for the SSLv3, TLS 1.0, and TLS 1.1 protocols exist by default. For the TLS 1.2 protocol, the configuration file does not contain any TLS 1.2 supported ciphers. You must add one or more ciphers for the protocol by adding the ibm-slapdsslcipherspec attribute multiple times. Add the appropriate ciphers in the configuration file under the cn=ssl,cn=configuration entry. If appropriate ciphers are not set in the configuration file for the protocols, the server generates an error when the server starts. For more information about the supported protocols and ciphers, see Appendix A, Protocols and ciphers in Tivoli Directory Server, version 6.3, Fix Pack 17 or later, on page 43. You must not assign multiple ciphers in ibm-slapdsslcipherspec, for example: ibm-slapdsslcipherspec: TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384. Assigning multiple ciphers might cause an error when the server starts. If you assign an invalid cipher to ibm-slapdsslcipherspec, the server generates an error when the server starts. For example, if you add the ibm-slapdsslcipherspec attribute with a value, HELLO, the server generates the following error and exits: GLPSSL009E An incorrect value of HELLO was given for the SSL cipher specification. For the TLS 1.1 protocol, the directory server supports six ciphers from the eight ciphers that are in the configuration file. The RC4-40-MD5 and RC2-40-MD5 ciphers are not supported by the server with the TLS 1.1 protocol. If you set only the RC4-40-MD5 and RC2-40-MD5 ciphers and configure the server with the TLS 1.1 protocol, the server generates an error and exits. When you configure a directory server to use only the TLS 1.2 protocol, then all other protocols, such as SSLv3, TLS 1.0, and TLS 1.1, are disabled. The directory server ignores the SSLv3, TLS 1.0, or TLS 1.1 supported ciphers that are in the configuration file when you configure the server only with the TLS 1.2 protocol. Table 2. Relationship between the IBMSLAPD_SECURITY_PROTOCOL variable value, the ibm-slapdsecurity attribute value, the mode of secure communication, the parameter, and the supported port Value of IBMSLAPD_SECURITY_PROTOCOL SSLV3 TLS10 TLS11 Value of ibm-slapdsecurity Mode of secure communication Secure port with the -Z option SSL SSLOnly SSLv3 protocol Yes No SSLTLS SSLv3 protocol Yes No TLS Start TLS extended operation No No SSLTLS Start TLS extended operation SSL SSLOnly TLS 1.0 protocol Yes No SSLTLS TLS 1.0 protocol Yes No TLS Start TLS extended operation No Yes SSLTLS Start TLS extended operation SSL SSLOnly TLS 1.1 protocol Yes No SSLTLS TLS 1.1 protocol Yes No TLS Start TLS extended operation No Yes SSLTLS Start TLS extended operation No No No Unsecured port with the -Y option No Yes Yes 8 Directory Server: Support for NIST SP A

19 Table 2. Relationship between the IBMSLAPD_SECURITY_PROTOCOL variable value, the ibm-slapdsecurity attribute value, the mode of secure communication, the parameter, and the supported port (continued) Value of IBMSLAPD_SECURITY_PROTOCOL TLS12 Value of ibm-slapdsecurity Mode of secure communication Secure port with the -Z option SSL SSLOnly TLS 1.2 protocol Yes No SSLTLS TLS 1.2 protocol Yes No TLS Start TLS extended operation No Yes SSLTLS Start TLS extended operation No Unsecured port with the -Y option Yes NIST SP A transition guidelines For the transition to NIST SP A guidelines, you must consider the following points: v v v v Configure a directory server with the TLS 1.2 protocol for secure communications. Optionally, disable other protocols, such as SSLv3, TLS 1.0, and TLS 1.1. You can disable other protocols by setting the IBMSLAPD_SECURITY_PROTOCOL variable to TLS12. Obtain key database files with certificates that are created with: The RSA keys of a minimum size of 2048 bits. The elliptic curve (EC) keys of a minimum size of 160-bits or curve p160. Use the digital signatures with a minimum of SHA2 (SHA 256) in certificates. A secure directory server with a key database file that is created with a previous version of GSKit might work with the TLS 1.2 protocol. From the supported TLS 1.2 ciphers, the ciphers that meet the following conditions might work with the existing certificates: v The public key of certificates and ciphers are compatible. v The signature and hash algorithms of certificates and ciphers are compatible. The scenarios that require a change in the certificates are: v To use ciphers with a different public key when compared to the public key in the existing certificate. v To use signature and hash algorithms that meet the NIST SP A guidelines. If the existing certificates do not meet the SP A requirement, obtain certificates that meet the requirements. For more information, see the Key database, Certificate, and Certificate request chapters in the GSKCapiCmd User's Guide. You can download the GSKCapiCmd User's Guide from the ftp://ftp.software.ibm.com/ software/webserver/appserv/library/v80/gsk_capicmd_userguide.pdf website. Note: When you configure a server with a key database file with certificates that meet NIST SP A guidelines, the server does additional processing to secure connections with the TLS 1.2 protocol. Therefore, the server might require more processing time to secure connections with the TLS 1.2 protocol. Support for the transition to NIST SP A 9

20 You can restrict a directory server to a specified set of TLS 1.2 signature and hash algorithms when you configure it with the TLS 1.2 protocol. For more information about TLS 1.2 signature and hash algorithms, see TLS 1.2 signature and hash algorithms on page 14. Directory server startup messages and log messages If you do not set any protocols on a directory server, then the server uses the default protocols for secure communications. The following message shows the default protocols that are set when the server is configured for secure communications. GLPSSL039I Secure communication using the SSLV3,TLS10 protocol is enabled. The message is shown during the server startup. The messages are recorded in the ibmslapd.log file of the directory server instance. On AIX, Linux, and Solaris systems The default location of the ibmslapd.log file is instance_home/idsslapdinstance_name/logs directory. On Windows systems The default location of the ibmslapd.log file is drive\idsslapdinstance_name\logs directory. When you configure a directory server with SSLV3,TLS10,TLS11,TLS12 as value for IBMSLAPD_SECURITY_PROTOCOL, the following messages are shown: GLPSSL039I Secure communication using the SSLV3 protocol is enabled. GLPSSL039I Secure communication using the TLS10 protocol is enabled. GLPSSL039I Secure communication using the TLS11 protocol is enabled. GLPSSL039I Secure communication using the TLS12 protocol is enabled. For detailed messages on protocols and ciphers, you must check the server trace messages. Examples 10 Directory Server: Support for NIST SP A Example 1: To verify whether a directory server is configured for a secure communication, run the following command: idsldapsearch -h server.com -p port -s base -b "" objectclass=* security security=none If the security attribute is none, the server is not configured for secure communications. Example 2: To configure a directory server in FIPS processing mode, run the ldapmodify command. For example: idsldapmodify -h server.com -p port -D admindn -w adminpwd dn: cn=ssl,cn=configuration changetype: modify replace: ibm-slapdsslfipsprocessingmode ibm-slapdsslfipsprocessingmode: true To configure a secure server, do not set the ibmslapdsslfipsprocessingmode attribute to true unless you want to start the server in FIPS processing mode. Note: You must restart the directory server and the administration server for the changes to take effect.

21 Example 3: To verify whether a server is in FIPS processing mode, run the idsldapsearch command against the server for the root DSE results. For example: idsldapsearch -h server.com -p port -s base -b "" objectclass=*\ ibm-sslfipsprocessingmode ibm-sslfipsprocessingmode=on The ibm-sslfipsprocessingmode attribute is listed when the ibm-slapdsecurity attribute is set to SSL, SSLOnly, orssltls. Ifthe ibm-slapdsecurity attribute is set to TLS, the ibm-sslfipsprocessingmode attribute is not listed in search results. Example 4: To add a cipher for the TLS 1.2 protocol in the configuration file, run the ldapmodify command. For example: idsldapmodify -p port -D admindn -w adminpwd dn: cn=ssl,cn=configuration changetype: modify add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_RSA_WITH_AES_256_CBC_SHA256 Example 5: To verify the ciphers that a server supports for secure communications when IBMSLAPD_SECURITY_PROTOCOL is set with SSLV3,TLS10,TLS11, run the ldapsearch command for the root DSE results. In the search results, check the ibm-sslciphers attribute value. idsldapsearch -p port -s base -b "" objectclass=* ibm-sslciphers ibm-sslciphers=352f04050a In this example, the ibm-sslciphers attribute in the output lists the hex values of all the ciphers in the configuration file for the SSLv3, TLS 1.0, and TLS 1.1 protocols. The ibm-sslciphers attribute is listed when the ibm-slapdsecurity attribute is set to SSL, SSLOnly, orssltls. Iftheibm-slapdSecurity attribute is set to TLS, the ibm-sslciphers attribute is not listed in search results. Example 6: To verify the ciphers that a server supports for secure communications when IBMSLAPD_SECURITY_PROTOCOL is set with SSLV3,TLS10,TLS11,TLS12, run the ldapsearch command for the root DSE results. In the search results, check the values of the ibm-sslciphers and ibm-tlsciphers attributes. idsldapsearch -p port -s base -b "" objectclass=* ibm-sslciphers ibm-tlsciphers ibm-sslciphers=352f04050a ibm-tlsciphers=tls_rsa_with_rc4_128_sha,tls_rsa_with_3des_ede_cbc_sha, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Support for the transition to NIST SP A 11

22 In this example, the ibm-sslciphers attribute in the output lists the hex values of all the ciphers in the configuration file for the SSLv3, TLS 1.0, and TLS 1.1 protocols. The SSLv3, TLS 1.0, and TLS 1.1 ciphers are listed by concatenating the hex values of the ciphers in the configuration file. The ibm-tlsciphers attribute in the output lists the ciphers in the configuration file for the TLS 1.2 protocol. The TLS 1.2 ciphers are listed as the comma-separated string. Note: The ibm-sslciphers and ibm-tlsciphers attributes are listed when the ibm-slapdsecurity attribute value is set to SSL, SSLOnly, orssltls in the configuration file. When the ibm-slapdsecurity attribute is set to TLS, the ibm-sslciphers and ibm-tlsciphers attributes are not listed in the search results. Example 7: You can also verify the ciphers that a server supports from the server trace. In the server trace file, check for the keyword cipher. To obtain the server trace, run the following commands: #ldtrc on #ibmslapd -h I dsrdbm01 2>&1 tee server_trace.txt Example 8: To verify the cipher that is used in a handshake, take the following actions for your operating system: AIX, Linux, Solaris, and HP-UX 1. Open a ksh or bash shell. 2. Run the following commands: export LDAP_DEBUG=65535 export LDAP_DEBUG_FILE=/tmp/ldapclient_trace.out idsldapsearch -h server -p port -Z -K key.kdb \ -P kpwd -s base -b "" objectclass=* security Microsoft Windows 1. Access the command prompt. 2. Run the following commands: set LDAP_DEBUG=65535 set LDAP_DEBUG_FILE=c:\ldapclient_trace.out idsldapsearch -h server -p port -Z -K key.kdb -P kpwd -s base -b "" objectclass=* security Configuring a secure directory server with protocols and ciphers You can configure a secure directory server with the required protocols based on the security requirements of your LDAP environment. Before you begin Create the key database file and certificate for secure communications. For more information, see the Key database, Certificate, and Certificate request chapters in the GSKCapiCmd User's Guide. Set the required permissions (rwx) on the key database file, certificate, and file path for the directory server instance owner. 12 Directory Server: Support for NIST SP A

23 About this task You can configure a directory server to accept secure connections with the SSL and TLS protocols or the Start TLS extended operation. You can configure a directory server to use a subset of protocols by setting the IBMSLAPD_SECURITY_PROTOCOL variable to the required value. To set more than one protocol, you must separate the protocol values with commas (,) and without spaces. If you use spaces, the directory server might not get configured with the required protocols. If you add more than one entry of the ibm-slapdsetenv attribute with IBMSLAPD_SECURITY_PROTOCOL in the configuration file, then the value of the last added entry is used. If the IBMSLAPD_SECURITY_PROTOCOL variable is set with a value other than SSLV3,TLS10,TLS11, or TLS12, the directory server continues with the existing server settings. Procedure 1. Log in as the instance owner. 2. To configure a directory server for secure communications, run the idsldapmodify command. idsldapmodify -h server.com -p port -D admindn -w adminpwd -i config_file.ldif where, the config_file.ldif file contains the following entries: dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslauth ibm-slapdsslauth: serverclientauth dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsecurity ibm-slapdsecurity: SSLTLS dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslkeydatabase ibm-slapdsslkeydatabase: /home/dsrdbm01/keys/serverkey.kdb dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslcertificate ibm-slapdsslcertificate: serverlabel dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslkeydatabasepw ibm-slapdsslkeydatabasepw: keyfilepwd 3. Set the ibm-slapdsetenv attribute with IBMSLAPD_SECURITY_PROTOCOL and the required protocol value in the configuration file. To set the SSLv3, TLS 1.0, TLS 1.1, and TLS 1.2 protocols: Run the idsldapmodify command. For example: idsldapmodify -h host_name -p port -D admindn -w adminpwd dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SECURITY_PROTOCOL=SSLV3,TLS10,TLS11,TLS12 Support for the transition to NIST SP A 13

24 To set the TLS 1.2 protocol: Run the idsldapmodify command. For example: idsldapmodify -h host_name -p port -D admindn -w adminpwd dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS12 4. To add the TLS 1.2 ciphers in the configuration file, run the following command: idsldapmodify -p port -D admindn -w adminpwd -i TLS12cipher_file.ldif where, the TLS12cipher_file.ldif file contains the following entries: dn: cn=ssl,cn=configuration changetype: modify add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_RSA_WITH_AES_256_CBC_SHA256 - add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA Restart the directory server and administration server to effect the changes made. ibmslapd -I dsrdbm01 -k ibmdiradm -I dsrdbm01 -k ibmslapd -I dsrdbm01 -n ibmdiradm -I dsrdbm01 TLS 1.2 signature and hash algorithms You can use the TLS 1.2 signature and hash algorithms to restrict communication to the TLS 1.2 protocol and certificates that meet the signature and hash algorithm criteria. To configure IBM Tivoli Directory Server with the TLS 1.2 signature and hash algorithm restrictions, you must configure the server for secure communications with the TLS 1.2 protocol. You must set the ibm-slapdsecurity attribute to one of the following values: SSL, SSLOnly, or SSLTLS. To use TLS 1.2 signature and hash algorithm restrictions, you must install IBM Global Security Kit (GSKit), version or later. When you set the TLS 1.2 signature and hash algorithm restrictions, the server verifies the client certificates in a chain for compliance with the TLS 1.2 signature and hash algorithm settings. If the client certificate does not meet the set restrictions, the communication fails. By default, the TLS 1.2 signature and hash algorithm restriction is disabled on a directory server. To configure a server with the TLS 1.2 signature and hash algorithm restrictions, you must set the IBMSLAPD_SSL_EXTN_SIGALG variable with an appropriate value. To set more than one TLS 1.2 signature and hash algorithm value, you must separate the values with commas (,) and without spaces. If you use spaces, the server might not be configured with the required TLS 14 Directory Server: Support for NIST SP A

25 1.2 signature and hash algorithms. If the variable is set with a value other than the valid TLS 1.2 signature and hash algorithms, then communication with the TLS 1.2 protocol might fail. The following TLS 1.2 signature and hash algorithms are supported: GSK_TLS_SIGALG_RSA_WITH_SHA224 GSK_TLS_SIGALG_RSA_WITH_SHA256 GSK_TLS_SIGALG_RSA_WITH_SHA384 GSK_TLS_SIGALG_RSA_WITH_SHA512 GSK_TLS_SIGALG_ECDSA_WITH_SHA224 GSK_TLS_SIGALG_ECDSA_WITH_SHA256 GSK_TLS_SIGALG_ECDSA_WITH_SHA384 GSK_TLS_SIGALG_ECDSA_WITH_SHA512 Note: v If a server is not configured to communicate with the TLS 1.2 protocol, the value that is set in IBMSLAPD_SSL_EXTN_SIGALG is ignored and the server uses the existing settings. v When you configure a server with the TLS 1.2 signature and hash algorithm restrictions, the server listens only on the secure port. Configuring the TLS 1.2 signature and hash algorithm restriction You can configure the TLS 1.2 signature and hash algorithm restrictions on a directory server to use with the TLS 1.2 protocol for secure communications. Before you begin Create the key database file and certificate for secure communications. For more information, see the Key database, Certificate, and Certificate request chapters in the GSKCapiCmd User's Guide. Set the required permissions (rwx) on the key database file, certificate, and file path for the directory server instance owner. Procedure 1. Log in as the instance owner. 2. To configure a directory server for secure communication and to add the TLS 1.2 ciphers, run the idsldapmodify command. idsldapmodify -h server.com -p port -D admindn -w adminpwd -i sign_config.ldif where, the sign_config.ldif file contains the following entries: dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslauth ibm-slapdsslauth: serverclientauth dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsecurity ibm-slapdsecurity: SSL dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslkeydatabase ibm-slapdsslkeydatabase: /home/dsrdbm01/keys/serverkey.kdb dn: cn=ssl, cn=configuration Support for the transition to NIST SP A 15

26 changetype: modify replace: ibm-slapdsslcertificate ibm-slapdsslcertificate: serverlabel dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslkeydatabasepw ibm-slapdsslkeydatabasepw: keyfilepwd dn: cn=ssl,cn=configuration changetype: modify add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_RSA_WITH_AES_256_CBC_SHA256 dn: cn=ssl,cn=configuration changetype: modify add: ibm-slapdsslcipherspec ibm-slapdsslcipherspec: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Set the ibm-slapdsetenv attribute with IBMSLAPD_SECURITY_PROTOCOL and the TLS12 protocol value. To set the TLS 1.2 protocol: Run the idsldapmodify command. For example: idsldapmodify -h host_name -p port -D admindn -w adminpwd dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SECURITY_PROTOCOL=TLS12 4. Set the ibm-slapdsetenv attribute with IBMSLAPD_SSL_EXTN_SIGALG and the required signature and hash algorithm values in the configuration file. To set the TLS 1.2 signature and hash algorithm restrictions: Run the idsldapmodify command. For example: idsldapmodify -h host_name -p port -D admindn -w adminpwd dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SSL_EXTN_SIGALG=GSK_TLS_SIGALG_RSA_WITH_SHA Restart the directory server and administration server to effect the changes made. For example: ibmslapd -I dsrdbm01 -k ibmdiradm -I dsrdbm01 -k ibmslapd -I dsrdbm01 -n ibmdiradm -I dsrdbm01 Tivoli Directory Server with Suite B mode You can use Suite B mode in IBM Tivoli Directory Server to meet the enhanced security requirements of an LDAP environment. Suite B mode is a restrictive subset of the NIST SP A specification. Suite B defines the cryptographic algorithm policy to use with the Transport Layer Security (TLS) 1.2 protocol version. To configure a directory server in Suite B mode, you must configure the directory server for secure communications. You must set the ibm-slapdsecurity attribute to one of the following values: SSL, SSLOnly, or SSLTLS. To use Suite B mode, you must install IBM Global Security Kit (GSKit), version or later. 16 Directory Server: Support for NIST SP A

27 Configuring a directory server in Suite B mode restricts secure communication to the following protocol, cipher, certificates, and signature and hash algorithms. Protocol The TLS 1.2 protocol is the only supported protocol in Suite B mode. Public keys The public key for certificates must be of minimum size EC 256 bits. Signature algorithm The signature algorithm for certificates must be of minimum size ECDSA 256 bits (curve P256) and SHA256. Hash algorithm The hash algorithm must have the minimum size of SHA256. Cipher specification The following ciphers are supported for Suite B mode. v TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Important: To use ciphers with stronger signature and hash algorithms, the certificates of server key file must have similar or stronger signature and hash algorithms. Suite B supports two levels of cryptographic security: 128 bit and 192 bit. The level defines a minimum strength that all cryptographic algorithms must provide. In Suite B 128-bit processing mode, the supported cipher suites are: v TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 In Suite B 192-bit processing mode, the supported cipher suite is TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384. CAUTION: Communication might fail between a server in Suite B mode and client utilities that are using unsupported protocols, ciphers, and signature and hash algorithms. Note: v You must configure servers in a replication, distributed directory, or pass-through authentication topology, with the same Suite B cryptographic security level. v When you configure a server with a key database file with certificates that meet Suite B criteria, the server does additional processing to secure connections with the TLS 1.2 protocol. Therefore, the server might require more processing time to secure connections with Suite B mode. Configuration settings for Suite B mode To configure a directory server with Suite B mode, you must set the IBMSLAPD_SUITEB_MODE variable with an appropriate cryptographic security level. If the value of the variable is other than 128 or 192, then Suite B mode is not configured and the server continues with the existing settings. You must restart the directory server and the administration server for the changes to take effect. Support for the transition to NIST SP A 17

28 If you specify more than one IBMSLAPD_SUITEB_MODE variable with 128 or 192 as value, then the last set value is used. If the ibm-slapdsecurity attribute is set to TLS, then the server is not configured in Suite B mode even if the IBMSLAPD_SUITEB_MODE variable is set to a valid value. After you configure a directory server in Suite B mode, a search against the server for root DSE result lists the ibm-slapdsuitebmode attribute. Based on the Suite B cryptographic security level that is set on the server, the root DSE search lists ibm-slapdsuitebmode=128 or ibm-slapdsuitebmode=192 in the search results. Note: v When you configure a directory server with Suite B mode, the server uses the TLS 1.2 protocol for communication. You are not required to set IBMSLAPD_SECURITY_PROTOCOL to TLS12 on the directory server to configure Suite B mode. v When you set a server in Suite B mode, you are not required to add the ibm-slapdsslcipherspec attribute entries with the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphers in the configuration file. The server uses the supported Suite B ciphers available in the set GSKit environment. Log messages To verify whether a directory server is configured in Suite B mode, check the server startup messages or the ibmslapd.log file. The message describes whether Suite B mode is enabled or disabled. When Suite B mode is enabled, the directory server also shows the cryptographic security level that is set on the server. On AIX, Linux, and Solaris systems The default location of the ibmslapd.log file is instance_home/idsslapdinstance_name/logs directory. On Windows systems The default location of the ibmslapd.log file is drive\idsslapdinstance_name\logs directory. For detailed messages about Suite B, you must check the server trace messages. Examples Example 1: To configure a directory server in Suite B mode with the 128-bit cryptographic security, run the following command: idsldapmodify -h host_name -p port -D admindn -w adminpwd -i suiteb128.ldif where, the suiteb128.ldif file contains the following entries: dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SUITEB_MODE=128 Example 2: To configure a directory server in Suite B mode with the 192-bit cryptographic security, run the following command: idsldapmodify -h host_name -p port -D admindn -w adminpwd -i suiteb192.ldif 18 Directory Server: Support for NIST SP A

29 where, the suiteb192.ldif file contains the following entries: dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SUITEB_MODE=192 Example 3: If a directory server is configured in Suite B mode with the 128-bit cryptographic security, the root DSE search returns the following results: idsldapsearch -p secure_port -Z -K clientkey.kdb \ -P clientpwd -s base -b "" objectclass =* ibm-slapdsuitebmode ibm-slapdsuitebmode=128 Example 4: If a directory server is configured in Suite B mode with the 192-bit cryptographic security, the root DSE search returns the following results: idsldapsearch -p secure_port -Z -K clientkey.kdb \ -P clientpwd -s base -b "" objectclass =* ibm-slapdsuitebmode ibm-slapdsuitebmode=192 Example 5: To obtain server trace messages, run the following commands: ldtrc on ibmslapd -h I dsrdbm01 2>&1 tee server_trace.txt Configuring Suite B mode in Tivoli Directory Server You can configure IBM Tivoli Directory Server in Suite B mode to secure communications with the TLS 1.2 protocol and the supported Suite B ciphers. Before you begin Create the key database file and certificate for the required Suite B cryptographic security level. For more information, see the Key database, Certificate, and Certificate request chapters in the GSKCapiCmd User's Guide. Set the required permissions (rwx) on the key database file, certificate, and file path for the directory server instance owner. About this task You can configure your directory server in Suite B mode to 128 or 192-bit cryptographic security level. Procedure 1. Log in as the instance owner. 2. To configure a directory server for secure communications, run the idsldapmodify command. idsldapmodify -h server.com -p port -D admindn -w adminpwd -i suiteb_file.ldif where, the suiteb_file.ldif file contains the following entries: dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslauth ibm-slapdsslauth: serverclientauth Support for the transition to NIST SP A 19

30 dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsecurity ibm-slapdsecurity: SSL dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslkeydatabase ibm-slapdsslkeydatabase: /home/dsrdbm01/keys/serverkey.kdb dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslcertificate ibm-slapdsslcertificate: serverlabel dn: cn=ssl, cn=configuration changetype: modify replace: ibm-slapdsslkeydatabasepw ibm-slapdsslkeydatabasepw: keyfilepwd 3. Set the ibm-slapdsetenv attribute with IBMSLAPD_SUITEB_MODE and an appropriate cryptographic security level in the configuration file. To set Suite B mode to 128-bit profile: Run the idsldapmodify command. For example: idsldapmodify -h host_name -p port -D admindn -w adminpwd dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SUITEB_MODE=128 To set Suite B mode to 192-bit profile: Run the idsldapmodify command. For example: idsldapmodify -h host_name -p port -D admindn -w adminpwd dn: cn=front End, cn=configuration changetype: modify add: ibm-slapdsetenv ibm-slapdsetenv: IBMSLAPD_SUITEB_MODE= Restart the directory server and administration server to effect the changes made. For example: ibmslapd -I dsrdbm01 -k ibmdiradm -I dsrdbm01 -k ibmslapd -I dsrdbm01 -n ibmdiradm -I dsrdbm01 Support for NIST SP A features and directory server topologies You must identify the behavior of directory servers in a topology that are configured to support the transition to NIST SP A. When you use IBM Tivoli Directory Server, version 6.3, Fix Pack 17 servers in a topology for secure communications, the following behavior is observed: Replication topology: In a replication topology, the supplier server and the consumer server use the most secure protocol that is set on the consumer server. For secure communications, a cipher with the highest priority in the configuration file of the consumer server that is supported by the protocol is used. If you configure the TLS 1.2 signature and hash algorithm restrictions, the certificates on the supplier server must be signed by the signature and hash algorithm that is configured on the consumer server. 20 Directory Server: Support for NIST SP A

31 In a replication topology, you must configure the supplier server and the consumer server with the same Suite B cryptographic security level. Distributed directory: In a distributed directory topology, the proxy server and back-end server use the most secure protocol that is set on the back-end server. For secure communications, a cipher with the highest priority in the configuration file of the back-end server that is supported by the protocol is used. If you configure the TLS 1.2 signature and hash algorithm restrictions, the certificates on the proxy server must be signed by the signature and hash algorithm that is configured on the back-end server. In a distributed directory setup, you must configure the proxy server and the back-end server with the same Suite B cryptographic security level. Pass-through authentication: In a pass-through authentication setup, the authenticating server and pass-through server use the most secure protocol that is set on the pass-through server. For secure communications, a cipher with the highest priority in the configuration file of the pass-through server that is supported by the protocol is used. If you configure the TLS 1.2 signature and hash algorithm restrictions, the certificates on the authenticating server must be signed by the signature and hash algorithm that is configured on the pass-through server. In a pass-through authentication, you must configure the authenticating server and the pass-through server with the same Suite B cryptographic security level. Support for the transition to NIST SP A 21

32 22 Directory Server: Support for NIST SP A

33 Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities You must identify the client utilities that support the protocol, cryptographic algorithms, and key lengths that are required for the transition to NIST SP A. You can configure a Tivoli Directory Server client environment to meet the NIST SP A guidelines. The following client utilities support various protocols, ciphers, TLS 1.2 signature and hash algorithms, and Suite B mode: idsdirctl A command to start, stop, restart, or query the status of IBM Tivoli Directory Server. idsldapadd, idsldapmodify A command to add or modify LDAP entries. idsldapchangepwd A command to modify password for an LDAP entry. idsldapdelete A command to delete one or more entries from a directory server. idsldapexop A command to run extended operations. idsldapmodrdn A command to modify the relative distinguished name (RDN) or change the parent of an entry. idsldapsearch A command to search entries that match a filter from a directory server. Client utilities with SSL and TLS protocols You can use the supported SSL and TLS protocol versions in IBM Tivoli Directory Server client environment for secure communications with a directory server. You can set a secure protocol or multiple protocols in an LDAP client environment. You can use the following protocols with the client utilities to secure connections with a directory server. v SSLv3 v TLS 1.0 v TLS 1.1 v TLS 1.2 When you use a protocol with a client utility to send a connection request, the connection is established if the protocol is also set on the server. The server and client negotiates for the most secure cipher available for the protocol to establish a secure connection. If the protocol used in the request is not set on the server, then the secure connection fails. If you do not specify a protocol in an LDAP client environment, the SSLv3/TLS 1.0 protocol suite is used by default for secure connections. 23

34 Previous versions of Tivoli Directory Server might fail to connect with the Tivoli Directory Server, version 6.3, Fix Pack 17 client utility that is set with the TLS 1.2 protocol. NIST SP A transition guidelines for client environment For the transition to SP A guidelines, you must consider the following points: v v v v Configure a client environment with the TLS 1.2 protocol for secure communications. Optionally, disable other protocols, such as SSLv3, TLS 1.0, andtls 1.1. You can disable other protocols by setting the LDAP_OPT_SECURITY_PROTOCOL variable to TLS12. Obtain key database files with certificates that are created with: The RSA keys of a minimum size of 2048 bits. The elliptic curve (EC) keys of a minimum size of 160-bits or curve p160. Use the digital signatures with a minimum of SHA2 (SHA 256) in certificates. A client environment that is set with a key database file created with a previous version of GSKit might work with the TLS 1.2 protocol. From the supported TLS 1.2 ciphers, the ciphers that meet the following conditions might work with the existing certificates: v The public key of certificates and ciphers are compatible. v The signature and hash algorithms of certificates and ciphers are compatible. The scenarios that require a change in the certificate are: v To use ciphers with a different public key when compared to the public key in the existing certificate. v To use signature and hash algorithms that meet the NIST SP A guidelines. If the existing certificates do not meet the NIST SP A requirement, obtain certificates that meet the requirements. For more information, see the Key database, Certificate, and Certificate request chapters in the GSKCapiCmd User's Guide. You can download the GSKCapiCmd User's Guide from the ftp://ftp.software.ibm.com/ software/webserver/appserv/library/v80/gsk_capicmd_userguide.pdf website. Environment variable to set protocols in an LDAP client environment To configure protocols for secure communications in an LDAP client environment, set the LDAP_OPT_SECURITY_PROTOCOL variable with the appropriate protocol values. For the client utility to negotiate with one of the available protocols on the server, you must separate the protocol values with commas (,) and without spaces. If you use spaces, the client utility might not be configured with the required protocols. The table lists the supported protocols and their values for the LDAP_OPT_SECURITY_PROTOCOL variable. When multiple protocols are set, the server and client negotiates for the most secure protocol and cipher available with the server and client for that protocol. 24 Directory Server: Support for NIST SP A

35 Table 3. Values to specify in LDAP_OPT_SECURITY_PROTOCOL for protocols Protocols SSLv3 TLS 1.0 TLS 1.1 TLS 1.2 Values to set in LDAP_OPT_SECURITY_PROTOCOL SSLV3 TLS10 TLS11 TLS12 Important: v When you provide ciphers for a protocol, the list of ciphers you provide overrides the cipher list of an LDAP client for that protocol. The ciphers that you specify for a protocol with an LDAP client must be a subset of ciphers available with the directory server for that protocol. v When you provide protocols and ciphers from an LDAP client, you must: Provide the ciphers that are available on all protocol levels. Provide more cipher coverage for the higher protocol than the lower protocol. v For example, the LDAP_OPT_SECURITY_PROTOCOL variable is set with TLS10,TLS12 protocols. If you set LDAP_OPT_SSL_CIPHER with 35 (single-byte notation), which has an RFC 5246 Standard notation of TLS_RSA_WITH_AES_256_CBC_SHA, then you must also set LDAP_OPT_SSL_CIPHER_EX with the TLS_RSA_WITH_AES_256_CBC_SHA cipher for TLS12. If multiple protocols are set, then the highest protocol must contain the ciphers with higher priority. The priority is based on the order of the ciphers in the directory server configuration file. Configuring protocols in a client environment You can configure the required SSL or TLS protocol versions in the client environment to securely communicate with a directory server. Before you begin v Install the IBM Tivoli Directory Server, version 6.3, Fix Pack 17 client package. v Install IBM Global Security Kit (GSKit), version or later. Procedure 1. Access the command line for your operating system. 2. Set the value of the LDAP_OPT_SECURITY_PROTOCOL variable with the appropriate protocol values. Note: If you run the bash shell on a Windows system, you can follow the UNIX conventions. To set the SSLv3, TLS 1.0, TLS 1.1, and TLS 1.2 protocols in an LDAP client environment: Platform AIX, Linux, Solaris, and HP-UX Windows Run this command: $export LDAP_OPT_SECURITY_PROTOCOL=SSLV3,TLS10,TLS11,TLS12 c:\> set LDAP_OPT_SECURITY_PROTOCOL=SSLV3,TLS10,TLS11,TLS12 To set the TLS 1.2 protocol in an LDAP client environment: Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities 25

36 Platform AIX, Linux, Solaris, and HP-UX Windows Run this command: $export LDAP_OPT_SECURITY_PROTOCOL=TLS12 c:\> set LDAP_OPT_SECURITY_PROTOCOL=TLS12 3. Run the client utilities from the same console after you configure the required protocols. For example: export LDAP_OPT_SECURITY_PROTOCOL=TLS12 idsldapsearch -h server.com -p secure_port -Z -K clientkey.kdb \ -P clientpwd -s base -b "" objectclass =* security security=ssltls What to do next Client utilities and ciphers After you configure protocols in a client environment, configure the appropriate ciphers for the protocols. For more information, see Client utilities and ciphers. You can set specific ciphers for the protocols that are set in a client environment to securely communicate with a directory server. If you do not set ciphers for the protocols, the server and the client uses the most secure protocol and the default ciphers. For more information about the supported ciphers and protocols, see Appendix A, Protocols and ciphers in Tivoli Directory Server, version 6.3, Fix Pack 17 or later, on page 43. Environment variable to set ciphers for the SSLv3, TLS 1.0, or TLS 1.1 protocol in an LDAP client environment To set ciphers for the SSLv3, TLS 1.0, ortls 1.1 protocol in an LDAP client environment, you must set the LDAP_OPT_SSL_CIPHER variable with the appropriate cipher values. For the client utility to negotiate with one or more ciphers available on the server, you must specify the hex values of ciphers in the LDAP_OPT_SSL_CIPHER variable. The ciphers must not be separated by a delimiter. If you do not specify any protocols and ciphers, the client utilities use the SSLv3/TLS 1.0 protocol suite and a cipher from the default list of ciphers 352F04050A When you set a cipher, you must also set the LDAP_OPT_SECURITY_PROTOCOL variable with the SSLV3, TLS10, or TLS11 protocol value. Environment variable to set ciphers for the TLS 1.2 protocol in an LDAP client environment To set ciphers for the TLS 1.2 protocol in an LDAP client environment, you must set the LDAP_OPT_SSL_CIPHER_EX variable with the appropriate cipher values. 26 Directory Server: Support for NIST SP A

37 For the client utility to negotiate by using one of the available TLS 1.2 ciphers, you must separate the ciphers with commas (,) and without spaces. If you specify spaces, the client environment might not be configured with the required TLS 1.2 ciphers. When you set a TLS 1.2 cipher, you must also set the LDAP_OPT_SECURITY_PROTOCOL variable with the TLS12 protocol value. Configuring ciphers in a client environment You can configure the supported ciphers for the set protocols in the IBM Tivoli Directory Server client environment for secure communication with a directory server. Before you begin v Install the IBM Tivoli Directory Server, version 6.3, Fix Pack 17 client package. v Install IBM Global Security Kit (GSKit), version or later. About this task Set the LDAP_OPT_SSL_CIPHER variable to configure ciphers for the SSLv3, TLS 1.0, or TLS 1.1 protocol. Set the LDAP_OPT_SSL_CIPHER_EX variable to configure ciphers for the TLS 1.2 protocol. For SSLv3, TLS 1.0, ortls 1.1, use the hex value of ciphers. For TLS 1.2, use TLS 1.2 ciphers. Procedure 1. Access the command line for your operating system. 2. Set the ciphers for the required protocols in the client environment. Note: If you run the bash shell on a Windows system, you can follow the UNIX conventions. To set ciphers for the SSLv3, TLS 1.0, ortls 1.1 protocol in an LDAP client environment: On AIX, Linux, Solaris, and HP-UX platforms $export LDAP_OPT_SSL_CIPHER=352F04050A09 On Windows platforms c:\> set LDAP_OPT_SSL_CIPHER=352F04050A09 To set ciphers for the TLS 1.2 protocol in an LDAP client environment: On AIX, Linux, Solaris, and HP-UX platforms $export LDAP_OPT_SSL_CIPHER_EX=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 On Windows platforms c:\> set LDAP_OPT_SSL_CIPHER_EX=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Run the client utilities from the same console after you configure the required ciphers. For example: export LDAP_OPT_SECURITY_PROTOCOL=SSLV3,TLS10,TLS11,TLS12 export LDAP_OPT_SSL_CIPHER=352F04050A09 export LDAP_OPT_SSL_CIPHER_EX=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities 27

38 idsldapsearch -h server.com -p secure_port -Z -K clientkey.kdb \ -P clientpwd -s base -b "" objectclass =* security security=ssltls Client utilities and TLS 1.2 signature and hash algorithms You can restrict the communication between a client utility and a server to use the supported TLS 1.2 signature and hash algorithms with the TLS 1.2 protocol. To use IBM Tivoli Directory Server client environment with the TLS 1.2 signature and hash algorithm restrictions, you must set the client environment for secure communications with the TLS 1.2 protocol. When you set TLS 1.2 signature and hash algorithms, the client verifies server certificates in a chain for compliance with signature and hash algorithm settings. If the server certificate does not meet the set restrictions, the communication fails. After you configure the TLS 1.2 signature and hash algorithms, you must bind to the secure port of a directory server from a client utility. The following TLS 1.2 signature and hash algorithms are supported: GSK_TLS_SIGALG_RSA_WITH_SHA224 GSK_TLS_SIGALG_RSA_WITH_SHA256 GSK_TLS_SIGALG_RSA_WITH_SHA384 GSK_TLS_SIGALG_RSA_WITH_SHA512 GSK_TLS_SIGALG_ECDSA_WITH_SHA224 GSK_TLS_SIGALG_ECDSA_WITH_SHA256 GSK_TLS_SIGALG_ECDSA_WITH_SHA384 GSK_TLS_SIGALG_ECDSA_WITH_SHA512 Environment variable to set TLS 1.2 signature and hash algorithms in an LDAP client environment To set the TLS 1.2 signature and hash algorithms in an LDAP client environment, you must set the LDAP_OPT_SSL_EXTN_SIGALG variable with the appropriate values. To use more than one TLS 1.2 signature and hash algorithm, you must separate the TLS 1.2 signature and hash algorithm values with commas (,) and without spaces. If you use spaces, the client environment might not be configured with the required TLS 1.2 signature and hash algorithms. If the variable is set with an invalid value, the communication with the TLS 1.2 protocol might fail. Note: v You must set the LDAP_OPT_SECURITY_PROTOCOL variable with the TLS12 value in the client environment. Configuring the TLS 1.2 signature and hash algorithm restriction in a client environment You can configure the TLS 1.2 signature and hash algorithm restrictions in a client environment to secure communications with the TLS 1.2 protocol. 28 Directory Server: Support for NIST SP A

39 Before you begin v v Install the IBM Tivoli Directory Server, version 6.3, Fix Pack 17 client package. Install IBM Global Security Kit (GSKit), version or later. Procedure 1. Access the command line for your operating system. 2. Set the LDAP_OPT_SSL_EXTN_SIGALG variable with the TLS 1.2 signature and hash algorithm values. Note: If you run the bash shell on a Windows system, you can follow the UNIX conventions. On AIX, Linux, Solaris, and HP-UX platforms $export LDAP_OPT_SSL_EXTN_SIGALG=GSK_TLS_SIGALG_RSA_WITH_SHA256,GSK_TLS_SIGALG_ECDSA_WITH_SHA256 On Windows platforms c:\> set LDAP_OPT_SSL_EXTN_SIGALG=GSK_TLS_SIGALG_RSA_WITH_SHA256,GSK_TLS_SIGALG_ECDSA_WITH_SHA Run the client utilities from the same console after you configure the TLS 1.2 signature and hash algorithm restrictions. For example: export LDAP_OPT_SECURITY_PROTOCOL=TLS12 export LDAP_OPT_SSL_CIPHER_EX=TLS_RSA_WITH_AES_256_CBC_SHA256 export LDAP_OPT_SSL_EXTN_SIGALG=GSK_TLS_SIGALG_RSA_WITH_SHA256 idsldapsearch -h server.com -p secure_port -Z -K clientkey.kdb \ -P clientpwd -s base -b "" objectclass =* security security=ssltls Client utilities and Suite B mode You can set Suite B mode in a client environment to use the TLS 1.2 protocol and the Suite B ciphers for secure communication with a directory server. When you set an LDAP client environment in Suite B mode, you must bind to the secure port of a directory server with a client utility. Configuring a client environment in Suite B mode restricts secure communication to the following protocol, cipher, certificates, and signature and hash algorithms. Protocol The TLS 1.2 protocol is the only supported protocol in Suite B mode. Public keys The public key for certificates must be of minimum size EC 256 bits. Signature algorithm The signature algorithm for certificates must be of minimum size ECDSA 256 bits (curve P256) and SHA256. Hash algorithm The hash algorithm must have the minimum size of SHA256. Cipher specification The following ciphers are supported for Suite B mode. v TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities 29

40 Important: To use ciphers with stronger signature and hash algorithms, the certificates of client key file must have similar or stronger signature and hash algorithms. Suite B supports two levels of cryptographic security: 128 bit and 192 bit. The level defines a minimum strength that all cryptographic algorithms must provide. In Suite B 128-bit processing mode, the following ciphers are supported: v TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 In Suite B 192-bit processing mode, the following cipher is supported: v TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Environment variable to set for Suite B mode in an LDAP client environment To configure Suite B mode in an LDAP client environment, you must set the LDAP_OPT_SUITEB_MODE variable with a valid Suite B cryptographic security level. For Suite B 128-bit processing mode, you must assign 128 to the variable. For Suite B 192-bit processing mode, you must assign 192 to the variable. Note: v When you configure a client environment in Suite B mode, the client utility uses the TLS 1.2 protocol for communication. You must not set LDAP_OPT_SECURITY_PROTOCOL to TLS12 in the client environment to configure Suite B mode. v When you set a client environment in Suite B mode, you must not set the LDAP_OPT_SSL_CIPHER_EX variable with the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ciphers. A client utility uses the supported Suite B ciphers available in the set GSKit environment. CAUTION: Communication might fail between client utilities in Suite B mode and servers that are using unsupported protocols, ciphers, and signature and hash algorithms. Configuring Suite B mode in a client environment You can configure Suite B mode in a client environment to secure communications with a directory server that is configured with the Suite B mode. Before you begin v Install the IBM Tivoli Directory Server, version 6.3, Fix Pack 17 client package. v Install IBM Global Security Kit (GSKit), version or later. About this task You can configure Suite B mode to 128 bit or 192-bit cryptographic security level in a client environment. Procedure 1. Access the command line for your operating system. 30 Directory Server: Support for NIST SP A

41 2. Set the LDAP_OPT_SUITEB_MODE variable with a valid Suite B cryptographic security level. Note: If you run the bash shell on a Windows system, you can follow the UNIX conventions. To set Suite B mode to 128-bit cryptographic security level: Platform AIX, Linux, Solaris, and HP-UX Windows Run this command: $export LDAP_OPT_SUITEB_MODE=128 c:\> set LDAP_OPT_SUITEB_MODE=128 To set Suite B mode to 192-bit cryptographic security level: Platform AIX, Linux, Solaris, and HP-UX Windows Run this command: $export LDAP_OPT_SUITEB_MODE=192 c:\> set LDAP_OPT_SUITEB_MODE= Run the client utilities from the same console after you configure Suite B mode. For example: export LDAP_OPT_SUITEB_MODE=128 idsldapsearch -h server.com -p secure_port -Z -K clientkey.kdb \ -P clientpwd -s base -b "" objectclass =* ibm-slapdsuitebmode ibm-slapdsuitebmode=128 Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities 31

42 32 Directory Server: Support for NIST SP A

43 Application programming interfaces LDAP_SET_OPTION You can use the LDAP APIs in IBM Tivoli Directory Server to develop an LDAP application. The following application programming interfaces (APIs) are updated in IBM Tivoli Directory Server, version 6.3, Fix Pack 17. v LDAP_SET_OPTION The following APIs are introduced: v LDAP_SSL_SET_EXTN_SIGALG on page 35 v LDAP_SSL_SET_SUITEB_MODE on page 36 You can use the ldap_set_option API in an LDAP application to access and set various LDAP session parameters. Purpose The ldap_set_option() API in an LDAP application sets the parameters for a secure connection with an LDAP server. The ldap_set_option() API calls the ldap_init(), ldap_ssl_init(), or ldap_open() API to initialize a session with an LDAP server. After the successful initialization, the ldap_set_option() API obtains a pointer to an LDAP structure. You must call this API before you issue a bind or any other operations that result in contacting the server. Synopsis #include <ldap.h> int ldap_set_option( LDAP *ld, int optiontoset, void *optionvalue) Input parameters ld Specifies the LDAP pointer that is returned by a call to ldap_init(), ldap_ssl_init() or ldap_open(). optiontoset Identifies the option value to set on the ldap_set_option() call. optionvalue Specifies the address of the value to set with ldap_set_option(). Session settings In versions earlier than IBM Tivoli Directory Server, version 6.3, Fix Pack 17, you can set ciphers for SSLv3/TLS 1.0 protocol suite with ldap_set_option(). From Tivoli Directory Server, version 6.3, Fix Pack 17, you can set protocols, such as SSLv3, TLS 1.0, TLS 1.1, ortls 1.2, and TLS 1.2 ciphers to use with the TLS 1.2 protocol with ldap_set_option(). You can set the options for an LDAP connection with ldap_set_option(). 33

44 You can set the following session settings with ldap_set_option(): LDAP_OPT_SSL_CIPHER Specifies a set of one or more ciphers to use for negotiating a cipher for the SSLv3, TLS 1.0, ortls 1.1 protocol with an LDAP server. Table 4. Supported ciphers for the SSLv3, TLS 1.0, or TLS 1.1 protocol Ciphers Supported by SSLv3 and TLS 1.0 Supported by TLS 1.1 SLAPD_SSL_RC4_MD5_EX "03" Yes No SLAPD_SSL_RC2_MD5_EX "06" Yes No SLAPD_SSL_RC4_SHA_US "05" Yes Yes SLAPD_SSL_RC4_MD5_US "04" Yes Yes SLAPD_SSL_DES_SHA_US "09" Yes Yes SLAPD_SSL_3DES_SHA_US "0A" Yes Yes SLAPD_SSL_AES_128_SHA_US "2F" Yes Yes SLAPD_SSL_AES_256_SHA_US "35" Yes Yes Note: The ciphers with 03 and 06 hex values are not supported by the TLS 1.1 protocol. To set one or more ciphers for the SSLv3, TLS 1.0, ortls 1.1 protocol, use the following example: char *setcipher = "352F090A"; ldap_set_option( ld, LDAP_OPT_SSL_CIPHER, setcipher); LDAP_OPT_SSL_CIPHER_EX Specifies a set of one or more TLS 1.2 ciphers to use for negotiating a cipher for the TLS 1.2 protocol with an LDAP server. To specify one or more TLS 1.2 ciphers, separate the ciphers by a comma (,). The following ciphers are supported by the TLS 1.2 protocol: TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 To set one or more ciphers for the TLS 1.2 protocol, use the following example: 34 Directory Server: Support for NIST SP A

45 Errors char *setcipher = "TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA"; ldap_set_option( ld, LDAP_OPT_SSL_CIPHER_EX, setcipher); LDAP_OPT_SSL_SECURITY_PROTOCOL Specifies a set of one or more protocols to use for secure communication with an LDAP server. The following macros are defined in the ldap.h header file to represent the protocols: #define LDAP_SECURITY_PROTOCOL_ALL "SSLV3,TLS10,TLS11,TLS12" #define LDAP_SECURITY_PROTOCOL_DEFAULT "SSLV3,TLS10" #define LDAP_SECURITY_PROTOCOL_SSLV3 "SSLV3" #define LDAP_SECURITY_PROTOCOL_TLSV10 "TLS10" #define LDAP_SECURITY_PROTOCOL_TLSV11 "TLS11" #define LDAP_SECURITY_PROTOCOL_TLSV12 "TLS12" To set all protocols for secure communication with an LDAP server, use the following example: ldap_set_option( ld, LDAP_OPT_SSL_SECURITY_PROTOCOL, LDAP_SECURITY_PROTOCOL_ALL); The ldap_set_option AP returns a nonzero value if an error occurs. To obtain a detailed error report, you must run the application in debug mode and check the debug traces. LDAP_SSL_SET_EXTN_SIGALG You can use the ldap_ssl_set_extn_sigalg API in an LDAP application to set TLS 1.2 signature and hash algorithms. Purpose You can use the ldap_ssl_set_extn_sigalg() API to set TLS 1.2 signature and hash algorithm restriction in an LDAP client environment. You must call this API before you issue a bind or any other operations that result in connecting to the server. Synopsis #include <ldap.h> int ldap_ssl_set_extn_sigalg( char *sigalg) Input parameters sigalg Specifies the address of the values to set with ldap_ssl_set_extn_sigalg(). Session settings In IBM Tivoli Directory Server, version 6.3, Fix Pack 17, you can restrict a client utility to communicate with the TLS 1.2 protocol and a set of TLS 1.2 signature and hash algorithm. You must set the required TLS 1.2 signature and hash algorithm values by calling the ldap_ssl_set_extn_sigalg() API before the gsk_envrionment_init call initializes the GSKit environment. Application programming interfaces 35

46 You must pass the sigalg parameter to ldap_ssl_set_extn_sigalg() and set the required TLS 1.2 signature and hash algorithm. The ldap_ssl_set_extn_sigalg() API sets the TLS 1.2 signature and hash algorithm restriction for the LDAP connection that is prepared after this call. The following values are supported by the sigalg parameter. GSK_TLS_SIGALG_RSA_WITH_SHA224 GSK_TLS_SIGALG_RSA_WITH_SHA256 GSK_TLS_SIGALG_RSA_WITH_SHA384 GSK_TLS_SIGALG_RSA_WITH_SHA512 GSK_TLS_SIGALG_ECDSA_WITH_SHA224 GSK_TLS_SIGALG_ECDSA_WITH_SHA256 GSK_TLS_SIGALG_ECDSA_WITH_SHA384 GSK_TLS_SIGALG_ECDSA_WITH_SHA512 Errors If an error occurs, the TLS 1.2 signature and hash algorithm restriction is not set. To obtain a detailed error report, you must run the application in debug mode and check the debug traces. Examples To configure TLS 1.2 signature and hash algorithm restriction for an LDAP client, you can use the following example. char *sigalg=null; if (ssl == 1){ if (sigalg!= NULL){ ldap_ssl_set_extn_sigalg(sigalg); } } LDAP_SSL_SET_SUITEB_MODE You can use the ldap_ssl_set_suiteb_mode API in an LDAP application to set Suite B mode. Purpose You can use the ldap_ssl_set_suiteb_mode() API in LDAP client utilities to set a Suite B mode value in a client environment. When you set Suite B mode in a client utility, the API sets Suite B mode internally in the GSKit environment. You must call this API before you issue a bind or any other operations that result in connecting to the server. Synopsis #include <ldap.h> int ldap_ssl_set_suiteb_mode( char *suitebenv) Input parameters suitebenv Specifies the address of the value to set with ldap_ssl_set_suiteb_mode(). 36 Directory Server: Support for NIST SP A

47 Session settings In IBM Tivoli Directory Server, version 6.3, Fix Pack 17, you can set Suite B mode in an LDAP client with the ldap_ssl_set_suiteb_mode() API. You must call the ldap_ssl_set_suiteb_mode() API with an appropriate value to set Suite B mode before initializing GSKit environment with the gsk_envrionment_init call. Suite B mode can be set when the ICC version of libraries is set in the GSKit environment. The FIPS-140 certified cryptographic modules must also be set in the GSkit environment. The ldap_ssl_set_suiteb_mode API configures the cryptographic modules are internally. The ldap_ssl_set_suiteb_mode() API might fail if the settings cannot be configured in the GSKit environment. You must pass the LDAP_OPT_SUITEB_MODE parameter to the ldap_ssl_set_suiteb_mode() API to set Suite B mode. The valid values for the LDAP_OPT_SUITEB_MODE parameter are: v 128 v 192 Before you prepare an LDAP connection, you must call the ldap_ssl_set_suiteb_mode() API and set the Suite B environment. After you set Suite B mode in an LDAP client environment, you must connect to the secure port of a directory server with an LDAP client. Note: An LDAP client internally uses the TLS 1.2 protocol to secure communication with a directory server. All other protocols, such as SSLv3, TLS 1.0, and TLS 1.1 are not supported. Errors If an error occurs, Suite B mode is not set. To obtain a detailed error report, you must run the application in debug mode and check the debug traces. Examples To configure Suite B mode for an LDAP client, use the following example: char *suitebenv=null; if (ssl == 1){ suitebenv = getenv("ldap_opt_suiteb_mode"); if (suitebenv!= NULL){ ldap_ssl_set_suiteb_mode(suitebenv); } } Application programming interfaces 37

48 38 Directory Server: Support for NIST SP A

49 Migration considerations You must find the existing directory server configuration settings to change the settings to support the transition to NIST SP A. If you are using IBM Tivoli Directory Server, version or previous version of servers for secure communications, the transition to NIST SP A is not supported. To support the transition to NIST SP A, you must consider the following points: v v v If you are using Tivoli Directory Server, version 6.3, general availability (GA) version or later, you must upgrade to Tivoli Directory Server, version 6.3, Fix Pack 17. If you are using Tivoli Directory Server, version 6.2 or previous versions, then you must first migrate to Tivoli Directory Server, version 6.3, GA. After the migration, you must upgrade to Tivoli Directory Server, version 6.3, Fix Pack 17. To support the transition to NIST SP A, you must install IBM Global Security Kit (GSKit), version or later for use with Tivoli Directory Server, version 6.3, Fix Pack 17. Considerations for changes to existing security settings to support transition to NIST SP A If a directory server is configured for secure communications, you must verify the server settings after you upgrade to Tivoli Directory Server, version 6.3, Fix Pack 17. To verify the existing security settings, run the idsldapsearch command against the server for the security attribute in the root DSE results. idsldapsearch -h server.com -p port -s base -b "" objectclass=* security If the security attribute value is tls, then you must consider the following points: v To configure a server with the TLS 1.2 protocol and TLS 1.2 supported ciphers, you can continue to use the ibm-slapdsecurity=tls entry in the configuration file. When you use this setting, a server can secure connections over an unsecured port with the Start TLS extended operation. However, you cannot use the TLS 1.2 protocol to secure connections with a server over a secure port. To configure a server to secure connections with the TLS 1.2 protocol and the Start TLS extended operation, set the ibm-slapdsecurity attribute to SSLTLS. For more information about configuring the TLS 1.2 protocol, see Configuring a secure directory server with protocols and ciphers on page 12. v To configure a server with the TLS 1.2 signature and hash algorithms, you must set the ibm-slapdsecurity attribute to one of the following values: SSL, SSLOnly, or SSLTLS. When you configure a server with the TLS 1.2 signature and hash algorithms, the server accepts a secure connection request over a secure port. Therefore, the client utilities that are configured to send secure connection requests over an unsecured port with the Start TLS extended operation might fail. For more information about configuring the TLS 1.2 signature and hash algorithms, see Configuring the TLS 1.2 signature and hash algorithm restriction on page 15. v To configure a server with Suite B mode, you must set the ibm-slapdsecurity attribute to one of the following values: SSL, SSLOnly, orssltls. When you configure a server with Suite B mode, the server accepts a secure connection request over a secure port. Therefore, the client utilities that are configured to 39

50 send secure connection requests over an unsecured port with the Start TLS extended operation might fail. For more information about configuring Suite B, see Configuring Suite B mode in Tivoli Directory Server on page 19. To support the transition to NIST SP A, you might require to replace the existing certificates that are used in the key database file. The scenarios that require a change in the certificate are: v To use ciphers with a different public key when compared of the public key in the existing certificates. v To use signature and hash algorithms that meet the NIST SP A guidelines. For more information about creating keys and certificates, see the Key database, Certificate, and Certificate request chapters in the GSKCapiCmd User's Guide. You can download the GSKCapiCmd User's Guide from the ftp://ftp.software.ibm.com/ software/webserver/appserv/library/v80/gsk_capicmd_userguide.pdf website. Interoperability with the previous versions of Tivoli Directory Server You must identify the correct Tivoli Directory Server versions and settings that are interoperable in an LDAP environment. The interoperability behavior of Tivoli Directory Server, version 6.3, Fix Pack 17 vary based on the support for NIST SP A are enabled or not. Support for the transition to NIST SP A are disabled The following behaviors are observed, when you use Tivoli Directory Server, version 6.3, Fix Pack 17 servers or clients without enabling the support for NIST SP A. In a directory server environment A Tivoli Directory Server, version 6.3, Fix Pack 17 server that is configured for secure communications can interoperate with the Tivoli Directory Server, version or previous versions servers. A Tivoli Directory Server, version 6.3, Fix Pack 17 server that is configured for secure communications can be used with previous versions of secure servers in the following topologies: v Replication v Distributed directory v Pass-though authentication A Tivoli Directory Server, version 6.3, Fix Pack 17 server can interoperate with the previous versions of client utilities and do not require any configuration changes. In a client environment You can use Tivoli Directory Server, version 6.3, Fix Pack 17 client utilities with the Tivoli Directory Server, version or previous version servers. 40 Directory Server: Support for NIST SP A Support for the transition to NIST SP A are enabled The following behaviors are observed, when you use Tivoli Directory Server, version 6.3, Fix Pack 17 servers or clients after you enable the support for NIST SP A.

51 In a directory server environment When you configure directory servers in a topology for secure communication, the following behaviors are observed: Replication topology: The replication fails if the supplier server is Tivoli Directory Server, version or previous versions and the consumer server is Tivoli Directory Server, version 6.3, Fix Pack 17 that is set with the TLS 1.2 protocol. The replication fails if you use a server that is configured with the TLS 1.2 signature and hash algorithm restrictions in a replication topology. The replication fails if you use a server that is configured with Suite B mode in a replication topology. Distributed directory: The distributed directory setup fails if the proxy server is Tivoli Directory Server, version or previous versions and the back-end server is Tivoli Directory Server, version 6.3, Fix Pack 17 that is set with the TLS 1.2 protocol. The distributed directory setup fails if you use a server that is configured with the TLS 1.2 signature and hash algorithm restrictions. The distributed directory setup fails if you use a server that is configured with Suite B mode. Pass-through authentication: The pass-though authentication fails if the authenticating server is Tivoli Directory Server, version or previous versions and the pass-through server is Tivoli Directory Server, version 6.3, Fix Pack 17 that is set with the TLS 1.2 protocol. The pass-though authentication fails if you use a server that is configured with the TLS 1.2 signature and hash algorithm restrictions. The pass-though authentication fails if you use a server that is configured with Suite B mode. Server at Tivoli Directory Server, version 6.3, Fix Pack 17 level and previous versions of clients: Secure communications between a directory server and Tivoli Directory Server, version or previous versions client utilities fail, if you configure the server with: v The TLS 1.2 protocol. v The TLS 1.2 signature and hash algorithm restrictions. v The Suite B mode. In a client environment Secure communications between the client utilities and Tivoli Directory Server, version or previous version servers fail, if you configure the client environment with: v The TLS 1.2 protocol. v The TLS 1.2 signature and hash algorithm restrictions. v The Suite B mode. Migration considerations 41

52 Behavior changes in Tivoli Directory Server, version 6.3, Fix Pack 17 You might require to mitigate issues that occur because of the behavior changes in IBM Tivoli Directory Server, version 6.3, Fix Pack 17. There are notable or unexpected changes in the behavior of directory server after you upgrade to IBM Tivoli Directory Server, version 6.3, Fix Pack 17. You might observe the following behavior changes after you upgrade: v v v v v If a directory server is configured for secure communication and all the ciphers under the cn=ssl, cn=configuration entry are removed, the server might not start in normal mode. If a cipher under the cn=ssl, cn=configuration entry is removed, then the clients might not be able to connect to the server with that cipher. If a directory server is set in FIPS processing mode and the FIPS approved ciphers under the cn=ssl, cn=configuration entry are removed, then the clients might not be able to connect to the server with the FIPS approved ciphers. If the FIPS approved ciphers under the cn=ssl, cn=configuration entry are removed, then the clients might not be able to connect to the server with the -x parameter. If a directory server is configured for secure communication, then the protocols that are configured on the server are shown in the server startup messages. The configured protocols are also logged in the ibmslapd.log file. GLPSSL039I Secure communication using the SSLV3,TLS10 protocol is enabled. v When you run a root DSE search against a directory server with the TLS 1.2 protocol, the ibm-tlsciphers attribute with a list of TLS 1.2 ciphers is listed. 42 Directory Server: Support for NIST SP A

53 Appendix A. Protocols and ciphers in Tivoli Directory Server, version 6.3, Fix Pack 17 or later You can use the supported protocols and ciphers for secure communications in IBM Tivoli Directory Server, version 6.3, Fix Pack 17 or later. The following protocols are supported for secure communications between a server and client in Tivoli Directory Server, version 6.3, Fix Pack 17 or later: v SSLv3 protocol v TLS 1.0 protocol v TLS 1.1 protocol v TLS 1.2 protocol The following ciphers are supported for secure communications in the Tivoli Directory Server, version 6.3, Fix Pack 17 or later, server and client environment: Table 5. Supported ciphers for the SSLv3, TLS 1.0, and TLS 1.1 protocols Ciphers in the ibmslapd.conf file Hex value Supported by SSLv3 and TLS 1.0 protocols Supported by TLS 1.1 protocol GSKit cipher specs RC4-40-MD5 03 Yes No TLS_RSA_EXPORT_WITH_RC4_40_MD5 RC4-128-MD5 04 Yes Yes TLS_RSA_WITH_RC4_128_MD5 RC4-128-SHA 05 Yes Yes TLS_RSA_WITH_RC4_128_SHA RC2-40-MD5 06 Yes No TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 DES Yes Yes TLS_RSA_WITH_DES_CBC_SHA TripleDES-168 0A Yes Yes TLS_RSA_WITH_3DES_EDE_CBC_SHA AES-128 2F Yes Yes TLS_RSA_WITH_AES_128_CBC_SHA AES 35 Yes Yes TLS_RSA_WITH_AES_256_CBC_SHA Table 6. FIPS approved ciphers in the configuration file for the TLS 1.0 and TLS 1.1 protocols Ciphers in the ibmslapd.conf file Hex value TripleDES-168 0A AES-128 2F AES 35 Table 7. Supported TLS 1.2 ciphers on server, FIPS approved TLS 1.2 ciphers, and default TLS 1.2 ciphers supported by client utilities for the TLS 1.2 protocol Supported TLS 1.2 ciphers on server FIPS approved TLS 1.2 ciphers Default TLS 1.2 ciphers that are supported by client utilities TLS_RSA_WITH_RC4_128_SHA No No TLS_RSA_WITH_3DES_EDE_CBC_SHA Yes Yes TLS_RSA_WITH_AES_128_CBC_SHA Yes Yes TLS_RSA_WITH_AES_256_CBC_SHA Yes Yes TLS_RSA_WITH_AES_128_GCM_SHA256 Yes Yes TLS_RSA_WITH_AES_256_GCM_SHA384 Yes Yes TLS_RSA_WITH_AES_128_CBC_SHA256 Yes Yes TLS_RSA_WITH_AES_256_CBC_SHA256 Yes Yes TLS_ECDHE_RSA_WITH_RC4_128_SHA No No TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Yes No TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA Yes No 43

54 Table 7. Supported TLS 1.2 ciphers on server, FIPS approved TLS 1.2 ciphers, and default TLS 1.2 ciphers supported by client utilities for the TLS 1.2 protocol (continued) Supported TLS 1.2 ciphers on server FIPS approved TLS 1.2 ciphers Default TLS 1.2 ciphers that are supported by client utilities TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Yes No TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 Yes Yes TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Yes Yes TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 Yes Yes TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Yes Yes TLS_ECDHE_ECDSA_WITH_RC4_128_SHA No No TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA Yes No TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA Yes Yes TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Yes Yes TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 Yes Yes TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Yes Yes TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 Yes Yes TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Yes Yes 44 Directory Server: Support for NIST SP A

55 Appendix B. Protocols and ciphers in Tivoli Directory Server, version or previous versions You can use the supported protocols and ciphers for secure communication in a directory server and client environment of IBM Tivoli Directory Server, version or previous versions. The following protocols are supported for secure communications between a server and client in Tivoli Directory Server, version or previous versions: v SSLv3/TLS 1.0 protocol suite The following ciphers are supported for secure communications in Tivoli Directory Server, version or previous versions: Table 8. Supported ciphers for the SSLv3/TLS 1.0 protocol suite Ciphers in the ibmslapd.conf file Hex value Supported by SSLv3/TLS 1.0 protocol suite GSKit ciphers RC4-40-MD5 03 Yes TLS_RSA_EXPORT_WITH_RC4_40_MD5 RC4-128-MD5 04 Yes TLS_RSA_WITH_RC4_128_MD5 RC4-128-SHA 05 Yes TLS_RSA_WITH_RC4_128_SHA RC2-40-MD5 06 Yes TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 DES Yes TLS_RSA_WITH_DES_CBC_SHA TripleDES-168 0A Yes TLS_RSA_WITH_3DES_EDE_CBC_SHA AES-128 2F Yes TLS_RSA_WITH_AES_128_CBC_SHA AES 35 Yes TLS_RSA_WITH_AES_256_CBC_SHA Table 9. FIPS approved ciphers in the configuration file for the TLS 1.0 protocol Ciphers in the ibmslapd.conf file Hex value TripleDES-168 0A AES-128 2F AES 35 45

56 46 Directory Server: Support for NIST SP A

57 Appendix C. References You can use the reference materials for more information that are related to the terms used in the document. SP A Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths Suite B Profile for Transport Layer Security (TLS) RFC GSKCapiCmd User's Guide ftp://ftp.software.ibm.com/software/webserver/appserv/library/v80/ GSK_CapiCmd_UserGuide.pdf 47

58 48 Directory Server: Support for NIST SP A

59 Appendix D. Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-ibm product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan, Ltd , Shimotsuruma, Yamato-shi Kanagawa Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law : INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement might not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-ibm Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. 49

60 IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 2Z4A/ Burnet Road Austin, TX U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases payment of a fee. The licensed program described in this document and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurement may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-ibm products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-ibm products. Questions on the capabilities of non-ibm products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information is for planning purposes only. The information herein is subject to change before the products described become available. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to 50 Directory Server: Support for NIST SP A

61 IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces. Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. Copyright IBM Corp. _enter the year or years_. All rights reserved. If you are viewing this information in softcopy form, the photographs and color illustrations might not be displayed. Trademarks IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, other countries, or both. IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications Agency which is now part of the Office of Government Commerce. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. UNIX is a registered trademark of The Open Group in the United States and other countries. Appendix D. Notices 51

62 Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries. 52 Directory Server: Support for NIST SP A