RHEL 9 IP tunnels must use FIPS 140-2/140-3 approved cryptographic algorithms.
An XCCDF Rule
Description
<VulnDiscussion>Overriding the system crypto policy makes the behavior of the Libreswan service violate expectations, and makes system configuration more fragmented.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-258232r926683_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Configure Libreswan to use the system cryptographic policy.
Add the following line to "/etc/ipsec.conf":
include /etc/crypto-policies/back-ends/libreswan.config