You cannot use DSCC to perform this task. Use the command line, as described in this procedure.
To require SASL encryption, set the dsSaslMinSSF value to the minimum encryption required.
$ ldapmodify -h host -p port -D cn=admin,cn=Administrators,cn=config -w - Enter bind password: dn: cn=SASL, cn=security, cn=config changetype: modify replace: dsSaslMinSSF dsSaslMinSSF: 128 ^D