How to force iMonitor to use strong encryption for SSL connections

  • 7004464
  • 18-Sep-2009
  • 26-Apr-2012

Environment


Novell eDirectory 8.8.5 for All Platforms
Novell iMonitor

Situation

It is possible to configure the LDAP server to use only HIGH cipher encryption, but in earlier versions it wasn't possible to configure the same for the HTTP stack which iMonitor uses. This feature is now available with eDirectory 8.8.5 and above.

Resolution

There are three values that can be used to restrict the cipher usage:
0 - accept HIGH, MEDIUM, LOW and EXPORT ciphers
2 - accept HIGH and MEDIUM ciphers only
3 - accept HIGH ciphers only

To set this value, modify the httpServer object associated with the NCP server object: change or add the attribute "httpBindRestrictions" with one of these three values. One way to do this is the "Modify Object" task in iManager: in the General tab, use the "Other" link, which allows attributes to be modified directly. eDirectory must be restarted for the change to take effect.

The parameter http.server.bind-restrictions in nds.conf is supposed to control this behavior as well, but at the time of writing of this TID it wasn't working properly. This issue has been reported to engineering.

Additional Information

It is possible to use the following command to test the ciphers accepted by iMonitor:

openssl s_client -connect ipaddress:port -ssl3 -cipher LOW

The last parameter, cipher, can have a value of EXPORT, LOW, MEDIUM or HIGH.
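
The same test can be repeated for each cipher class and the result compared with the configured httpBindRestrictions value. The script below is an added example, not part of the original TID; its function names are illustrative. It assumes the local openssl client still supports SSLv3 and the cipher class being probed, otherwise the probe fails locally and that class is reported as not accepted.

```shell
#!/bin/sh
# Usage: sh script 3 ipaddress port   (the first argument is the configured value)

# probe CLASS HOST PORT: succeeds if a handshake completes with that class.
# Same command as in the TID, with stdin closed so s_client exits afterwards.
probe() {
    openssl s_client -connect "$2:$3" -ssl3 -cipher "$1" </dev/null >/dev/null 2>&1
}

# accepted_classes HOST PORT: print the cipher classes the server accepted.
accepted_classes() {
    out=""
    for c in EXPORT LOW MEDIUM HIGH; do
        if probe "$c" "$1" "$2"; then out="$out $c"; fi
    done
    echo "${out# }"
}

# expected_for VALUE: classes each httpBindRestrictions value allows (per the TID).
expected_for() {
    case "$1" in
        0) echo "EXPORT LOW MEDIUM HIGH" ;;
        2) echo "MEDIUM HIGH" ;;
        3) echo "HIGH" ;;
        *) return 2 ;;
    esac
}

# verify VALUE HOST PORT: 0 = consistent, 1 = weaker class accepted,
# 2 = unknown value, 3 = nothing accepted (server unreachable or client too new).
verify() {
    want=$(expected_for "$1") || { echo "unknown value: $1" >&2; return 2; }
    got=$(accepted_classes "$2" "$3")
    if [ -z "$got" ]; then
        echo "no handshake succeeded; result inconclusive" >&2
        return 3
    fi
    bad=""
    for c in $got; do
        case " $want " in
            *" $c "*) ;;
            *) bad="$bad $c" ;;
        esac
    done
    echo "accepted: $got"
    if [ -n "$bad" ]; then
        echo "weaker than httpBindRestrictions=$1 allows:$bad"
        return 1
    fi
    return 0
}

if [ $# -eq 3 ]; then verify "$@"; fi
```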