RHEL 9 IP tunnels must use FIPS 140-3 approved cryptographic algorithms.

An XCCDF Rule

Description

Overriding the system crypto policy makes the behavior of the Libreswan service violate expectations, and makes system configuration more fragmented.

ID: SV-258232r1045440_rule
Version: RHEL-09-671020
Severity: Medium
References: CCI-000068
Updated: about 2 months ago

Remediation Templates

Configure Libreswan to use the system cryptographic policy.

Add the following line to "/etc/ipsec.conf":

include /etc/crypto-policies/back-ends/libreswan.config