An XCCDF Group - A logical subset of the XCCDF Benchmark
update-crypto-policies
crypto-policies
$ sudo dnf install crypto-policies
/etc/named.conf
options
include "/etc/crypto-policies/back-ends/bind.config";
$ sudo update-crypto-policies --set <POLICY_NAME>
/etc/crypto-policies/back-ends
/etc/crypto-policies/back-ends/gnutls.config
+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-DTLS1.0
/etc/ipsec.conf
include /etc/crypto-policies/back-ends/libreswan.config
/etc/pki/tls/openssl.cnf
ini
[ crypto_policy ]
.include = /etc/crypto-policies/back-ends/opensslcnf.config
$ sudo grep -i MinProtocol /etc/crypto-policies/back-ends/opensslcnf.config
MinProtocol = TLSv1.2
$ sudo grep -i MinProtocol /etc/crypto-policies/back-ends/opensslcnf.config
TLS.MinProtocol = TLSv1.2
DTLS.MinProtocol = DTLSv1.2
CRYPTO_POLICY
/etc/sysconfig/sshd
/etc/ssh/ssh_config.d/
05-redhat.conf
02-ospp.conf
/etc/crypto-policies/back-ends/openssh.config
Ciphers
/etc/crypto-policies/back-ends/opensshserver.config
-oCiphers=
MACs
-oMACS=