I have an appliance that I want to use with our FreeIPA-provided LDAP servers. The appliance only supports the following ciphers:

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)

I tried changing the following in dse.ldif, based on http://www.port389.org/docs/389ds/design/nss-cipher-design.html:

nsSSL3Ciphers: +all

However, this enabled only the following 7 ciphers (based on the output of nmap --script ssl-enum-ciphers -p 636 freeipa-01.example.com):

TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA

Here's the content of the dn: cn=encryption,cn=config section:

dn: cn=encryption,cn=config
CACertExtractFile: /etc/dirsrv/slapd-EXAMPLE-COM/CN3dUSERTrust20RSA20Certif
ication20Authority2cO3dThe20USERTRUST20Network2cL3dJersey20City2cST3dNew20Jer
sey2cC3dUS.pem
allowWeakCipher: off
cn: encryption
createTimestamp: 20181108213233Z
creatorsName: cn=server,cn=plugins,cn=config
modifiersName: cn=server,cn=plugins,cn=config
modifyTimestamp: 20181108213359Z
nsSSL3Ciphers: +all
nsSSLClientAuth: allowed
nsSSLSessionTimeout: 0
objectClass: top
objectClass: nsEncryptionConfig
sslVersionMin: TLS1.2
numSubordinates: 1

Any ideas why this change isn't enabling the additional ciphers? Thanks!