crypto-policies-20251128.git19878fe/ (pax header comment=19878fea4c5f62208655e32269842bce55c819b2)

crypto-policies-20251128.git19878fe/.flake8

[flake8]
# E741 ambiguous variable name
# W503 line break occurred after a binary operator
ignore = E741,W503,

crypto-policies-20251128.git19878fe/.gitignore

*.8
*.8.xml
*.7
*.7.xml
test-suite.log
tests/java/*.class
output/
__pycache__
.coverage

crypto-policies-20251128.git19878fe/.gitlab-ci.yml

variables:
  # current Fedora linter does not recognize PQC keywords yet,
  # but an experimental -pqc one does
  # remove sequoia-policy-config-pqc once Fedora linter recognizes PQC keywords
  SEQUOIA_POLICY_CONFIG_CHECK_LOOSE: >
    sequoia-policy-config-check-0.4.0
    sequoia-policy-config-check
  SEQUOIA_POLICY_CONFIG_CHECK_STRICT: sequoia-policy-config-check-pqc

Fedora-rawhide-prebuilt:
  # see `build-images` branch
  image: $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/rawhide:latest
  before_script:
    - dnf -y update --refresh  # since we're using a canned image
    - &install >
      dnf install --setopt=install_weak_deps=False --nogpgcheck -y
      openssh-clients openssh-server openssl oqsprovider git-core which
      gnutls-utils nss-tools sequoia-policy-config java-devel
      bind krb5-devel asciidoc libxslt libreswan diffutils make
      ruff python3-flake8 python3-pytest python3-coverage
      codespell wget
      &&
      dnf install --setopt=install_weak_deps=False --nogpgcheck -y
      python3-pip
      &&
      python3 -m pip install --upgrade pluggy
      &&
      (dnf install --setopt=install_weak_deps=False --nogpgcheck -y
      python3-pylint
      ||
      (python3 -m pip install pylint
      && ln -sf /usr/local/bin/pylint /usr/local/bin/pylint-3)) # TODO: fold back into normal dependencies list once pylint/pluggy get unbroken on python 3.14
    - &misc-prepare |
      git clone --depth 1 https://github.com/frozencemetery/krb5check tests/krb5check --reference-if-able /opt/krb5check
      sequoia-policy-config-check /dev/null  # check it's present and executes
      sequoia-policy-config-check-0.4.0 /dev/null  # check it's present and executes
      sequoia-policy-config-check-pqc /dev/null  # check it's present and executes
      env GNUTLS_SYSTEM_PRIORITY_FILE=/dev/null gnutls-cli -l >/dev/null
      nss-policy-check /etc/crypto-policies/back-ends/nss.config &>/dev/null
      openssl ciphers > /dev/null
  script:
    - make build
    - make test
    - make install && make test-install >test-install.log 2>&1
  except:
    - tags

Fedora-rawhide-prebuilt-commit-range:
  # see `build-images` branch
  image: $CI_REGISTRY/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/rawhide:latest
  before_script:
    - dnf -y update --refresh  # since we're using a canned image
    - *install
    - *misc-prepare
    - wget https://raw.githubusercontent.com/mhagger/git-test/master/bin/git-test
  script:
    - git config --global user.name 'gitlab runner'
    - git config --global user.email runner@gitlab.com
    - git remote add upstream $CI_MERGE_REQUEST_PROJECT_URL
    - git fetch upstream
    - python3 git-test add 'make build test'
    - python3 git-test run --keep-going upstream/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}..HEAD && echo --- && python3 git-test results upstream/${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}..HEAD
  except:
    - tags
  only:
    - merge_requests

crypto-policies-20251128.git19878fe/CONTRIBUTING.md

# Information about our contribution rules and coding style

Anyone is welcome to contribute to crypto-policies. Be prepared to defend and justify your enhancements, and get through a few rounds of changes.

We try to stick to the following rules, so when contributing please try to follow them too.

# Git commits

Note that when contributing code you will need to assert that the contribution is in accordance with the "Developer's Certificate of Origin" as found in the file [DCO.txt](doc/DCO.txt).

To indicate that, make sure that your contributions (patches or merge requests) contain a "Signed-off-by" line, with your real name and e-mail address.

# Test suite

New functionality should be accompanied by a test case which verifies the correctness of crypto policies' operation on successful use of the new functionality, as well as on failure cases. The test suite is run with "make check" on target systems as well as on the CI system.

The tests can also be done at run-time, i.e., with the test_temp_policy() function provided by back-ends, or on CI/target systems only (via the check rule in the Makefile). The former implies the latter.

Any additional tools required for that testing should be listed in the CI configuration (.gitlab-ci.yml).

# Updating a policy

Those seeking to modify a policy are advised to:

* Update the file under policies itself.
* If a policy has an alternative definition under `tests/alternative-policies/`, update it equivalently. Using different ways to arrive at the same result is appreciated.
* Remove the reference outputs under `tests/outputs/`.
* Regenerate the `tests/outputs/` by running `make check`.

crypto-policies-20251128.git19878fe/COPYING.LESSER

GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999

Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

[This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.]
Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. 
We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. 
These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". 
A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. 
You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. 
Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. 
A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. 
As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. 
c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. 
b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. 
If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. 
The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. 
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. 
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

Also add information on how to contact you by electronic and paper mail.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker.

, 1 April 1990
Ty Coon, President of Vice

That's all there is to it!

crypto-policies-20251128.git19878fe/Makefile

VERSION=$(shell git log -1|grep commit|cut -f 2 -d ' '|head -c 7)
DIR?=/usr/share/crypto-policies
BINDIR?=/usr/bin
MANDIR?=/usr/share/man
CONFDIR?=/etc/crypto-policies
LIBEXECDIR?=/usr/libexec
UNITDIR?=/usr/lib/systemd/system
DESTDIR?=
MAN7PAGES=crypto-policies.7
MAN8PAGES=update-crypto-policies.8
SCRIPTS=update-crypto-policies
LIBEXEC_SCRIPTS=fips-crypto-policy-overlay fips-setup-helper
UNITS=fips-crypto-policy-overlay.service
NUM_PROCS = $$(getconf _NPROCESSORS_ONLN)
PYVERSION = -3
DIFFTOOL?=meld
ASCIIDOC?=asciidoc
XSLTPROC?=xsltproc
ifneq ("$(wildcard /usr/lib/python*/*/asciidoc/resources/docbook-xsl/manpage.xsl)","")
MANPAGEXSL?=$(wildcard /usr/lib/python*/*/asciidoc/resources/docbook-xsl/manpage.xsl)
else
MANPAGEXSL?=/usr/share/asciidoc/docbook-xsl/manpage.xsl
endif

all: build

build: $(MAN7PAGES) $(MAN8PAGES)
	mkdir -p output
	python/build-crypto-policies.py --reloadcmds policies output

install: $(MANPAGES)
	mkdir -p $(DESTDIR)$(MANDIR)
	mkdir -p $(DESTDIR)$(MANDIR)/man7
	mkdir -p $(DESTDIR)$(MANDIR)/man8
	mkdir -p $(DESTDIR)$(BINDIR)
	mkdir -p $(DESTDIR)$(LIBEXECDIR)
	mkdir -p $(DESTDIR)$(UNITDIR)
	install -p -m 644 $(MAN7PAGES) $(DESTDIR)$(MANDIR)/man7
	install -p -m 644 $(MAN8PAGES) $(DESTDIR)$(MANDIR)/man8
	install -p -m 755 $(SCRIPTS) $(DESTDIR)$(BINDIR)
	install -p -m 644 $(UNITS) $(DESTDIR)$(UNITDIR)
	install -p -m 755 $(LIBEXEC_SCRIPTS) $(DESTDIR)$(LIBEXECDIR)
	mkdir -p $(DESTDIR)$(DIR)/
	install -p -m 644 default-config $(DESTDIR)$(DIR)
	install -p -m 644 default-fips-config $(DESTDIR)$(DIR)
	install -p -m 644 output/reload-cmds.sh $(DESTDIR)$(DIR)
	for f in $$(find output -name '*.txt') ; do d=$$(dirname $$f | cut -f 2- -d '/') ; install -p -m 644 -D -t $(DESTDIR)$(DIR)/$$d $$f ; done
	for f in $$(find policies -name '*.p*') ; do d=$$(dirname $$f) ; install -p -m 644 -D -t $(DESTDIR)$(DIR)/$$d $$f ; done
	for f in $$(find python -name '*.py') ; do d=$$(dirname $$f) ; install -p -m 644 -D -t $(DESTDIR)$(DIR)/$$d $$f ; done
	chmod 755 $(DESTDIR)$(DIR)/python/update-crypto-policies.py
	chmod 755 $(DESTDIR)$(DIR)/python/build-crypto-policies.py

runruff:
	ruff check

runflake8:
	@find -name '*.py' | grep -v krb5check | xargs flake8 --config .flake8

runpylint:
	PYTHONPATH=. pylint$(PYVERSION) --rcfile=pylintrc python
	PYTHONPATH=. pylint$(PYVERSION) --rcfile=pylintrc tests
	@echo "[ OK ]"

runcodespell:
	codespell -L gost,anull,bund -S .git,./tests/krb5check/*,*.7,*.8

check:
	@mkdir -p output/compare
	python/build-crypto-policies.py --strict --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy FIPS:OSPP --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy FIPS:ECDHE-ONLY --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy FIPS:NO-ENFORCE-EMS --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy DEFAULT:GOST --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy GOST-ONLY --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy LEGACY:AD-SUPPORT --test --flat policies tests/outputs
	python/build-crypto-policies.py --strict --policy DEFAULT:NO-PQ --test --flat policies tests/outputs
	python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat policies tests/outputs  # not strict
	# FEDORA43 === DEFAULT
	diff policies/FEDORA43.pol policies/DEFAULT.pol
	# FEDORA43:NO-PQ == FEDORA42 == FEDORA43:TEST-PQ:NO-PQ
	#mkdir -p output/compare/FEDORA43:NO-PQ output/compare/FEDORA42
	python/build-crypto-policies.py --strict --policy FEDORA43:NO-PQ policies output/compare
	python/build-crypto-policies.py --policy FEDORA43:TEST-PQ:NO-PQ policies output/compare  # not strict
	python/build-crypto-policies.py --strict --policy FEDORA42 policies output/compare
	diff -r output/compare/FEDORA43:NO-PQ output/compare/FEDORA42
	diff -r output/compare/FEDORA43:TEST-PQ:NO-PQ output/compare/FEDORA42
	rm -r output/compare
	tests/openssl.py
	tests/gnutls.py
	tests/nss.py
	tests/java.py
	tests/krb5.py
	top_srcdir=.
tests/update-crypto-policies.sh # Alternative, equivalent ways to write the same policies check-alternatives: check @rm -rf output/alt @mkdir -p output cp -r tests/outputs output/alt python/build-crypto-policies.py --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy FIPS:OSPP --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy FIPS:ECDHE-ONLY --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy FIPS:NO-ENFORCE-EMS --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy GOST-ONLY --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy LEGACY:AD-SUPPORT --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy DEFAULT:GOST --test --flat tests/alternative-policies output/alt python/build-crypto-policies.py --policy DEFAULT:TEST-PQ --test --flat tests/alternative-policies output/alt @rm -rf output/alt doctest: @python3 -Werror -m pytest -vv --doctest-modules python/ unittest: @python3 -Werror -m pytest -vv tests/unit/ covtest: #doctest unittest @# FIXME: only covers python/cryptopolicies/ files so far @# NOTE: doesn't grasp ternaries and short-circuiting operators # Don't trust coverage testing PYTHONPATH=. coverage run --source python/cryptopolicies/ --branch -m pytest -vv --doctest-modules python/ PYTHONPATH=. coverage run --append --source python/cryptopolicies/ --branch -m pytest -vv tests/unit/ coverage report --fail-under=100 test: doctest unittest check check-alternatives ifndef SKIP_LINTING test: covtest runruff runcodespell runflake8 runpylint endif reset-outputs: @rm -rf tests/outputs/* @echo "Outputs were reset. Run make check to re-generate, and commit the output." 
clean: rm -f $(MAN7PAGES) $(MAN8PAGES) *.?.xml rm -rf output %: %.txt $(ASCIIDOC) -v -d manpage -b docbook $< $(XSLTPROC) --nonet -o $@ ${MANPAGEXSL} $@.xml dist: rm -rf crypto-policies && git clone . crypto-policies && rm -rf crypto-policies/.git/ && tar -czf crypto-policies-git$(VERSION).tar.gz crypto-policies && rm -rf crypto-policies test-install: current_policy="$$(update-crypto-policies --show)" ; \ if [ -z "$$current_policy" ] ; then exit 1; fi ; \ test_policy=LEGACY ; \ if [ "$$current_policy" = LEGACY ] ; then test_policy=DEFAULT ; fi ; \ update-crypto-policies --set $$test_policy || exit $$? ; \ grep -q $$test_policy $(CONFDIR)/config || exit $$? ; \ ls -l $(CONFDIR)/back-ends/ | grep -q $$current_policy && exit 2 ; \ ls -l $(CONFDIR)/back-ends/ | grep -q $$test_policy || exit $$? ; \ update-crypto-policies --is-applied | grep -q "is applied" || exit $$? ; \ update-crypto-policies --set $$current_policy || exit $$? ; \ ls -l $(CONFDIR)/back-ends/ | grep -q $$test_policy && exit 3 ; \ ls -l $(CONFDIR)/back-ends/ | grep -q $$current_policy || exit $$? ; \ update-crypto-policies --is-applied | grep -q "is applied" || exit $$? crypto-policies-20251128.git19878fe/README.md000066400000000000000000000041051511230041100200660ustar00rootroot00000000000000This repository contains the crypto-policies data and scripts used in Fedora. # Purpose The purpose is to unify the crypto policies used by different applications and libraries. It should be possible to set consistent cryptographic defaults across all applications in a Fedora system, irrespective of the cryptographic library in use. # Description The basic idea was to have few predefined security policies, such as LEGACY, DEFAULT and FUTURE, which are set system-wide by the administrator. Then applications that have no special needs will follow these policies by default. That way the management of the various crypto applications and libraries used in a system simplifies significantly. 
Since then the project has grown additional capabilities. The administrator can now layer subpolicies on top of policies, define their own policies and subpolicies and configure back-ends differently. The supported back-ends in Fedora are: * GnuTLS * OpenSSL * NSS * BIND * libkrb5 * OpenSSH * Java via OpenJDK * libssh * Libreswan * Sequoia * RPM through Sequoia (configured separately) The primary interface for using crypto-policies is `update-crypto-policies --set POLICYNAME:SUBPOLICY1:SUBPOLICY2`. For more documentation, please refer to [man crypto-policies](crypto-policies.7.txt) and [man update-crypto-policies](update-crypto-policies.8.txt). # Generating the policies The policies are described in a simple policy language at `policies/POLICYFILE.pol`, and they operate on strings defined at the beginning of `python/cryptopolicies.py`. Individual application configuration generators are present in `python/policygenerators`. To generate the policies per application use the script `python/build-crypto-policies.py policydir DESTDIR` or `make install`. For testing purposes the generated policies per application with the current config are placed in `tests/outputs` and `make check` will verify whether the generated policies match the stored ones. To reset the outputs use `make reset-outputs` and `make check` to regenerate them. # Contributing See [our contribution guide](CONTRIBUTING.md). crypto-policies-20251128.git19878fe/crypto-policies.7.txt000066400000000000000000000534641511230041100226560ustar00rootroot00000000000000//// Copyright (C) 2019-2021 Red Hat, Inc. This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. 
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. //// crypto-policies(7) ================== :doctype: manpage :man source: crypto-policies NAME ---- crypto-policies - system-wide crypto policies overview DESCRIPTION ----------- The security of cryptographic components of the operating system does not remain constant over time. Algorithms, such as cryptographic hashing and encryption, typically have a lifetime, after which they are considered either too risky to use or plain insecure. That means, we need to phase out such algorithms from the default settings or completely disable them if they could cause an irreparable problem. While in the past the algorithms were not disabled in a consistent way and different applications applied different policies, the system-wide crypto-policies followed by the crypto core components allow consistently deprecating and disabling algorithms system-wide. Several preconfigured policies (*DEFAULT*, *LEGACY*, *FUTURE*, and *FIPS*) and subpolicies are included in the *crypto-policies(7)* package. System administrators or third-party vendors can define custom policies and subpolicies. The recommended way to modify the effective configuration is to apply a custom subpolicy on top of a predefined policy. This allows configuration to evolve with future updates of the predefined policies keeping desired modification in place. Modifying effective configuration by defining a fully custom policy prevents the configuration from evolving with future updates of the predefined policies. The syntax to define custom policies and subpolicies is described in the CRYPTO POLICY DEFINITION FORMAT section below. For rationale, see *RFC 7457* for a list of attacks taking advantage of legacy crypto algorithms. 
COVERED APPLICATIONS -------------------- Crypto-policies apply to the configuration of the core cryptographic subsystems, covering *TLS*, *IKE*, *IPSec*, *DNSSec*, and *Kerberos* protocols; i.e., the supported secure communications protocols on the base operating system. Once an application runs in the operating system, it follows the default or selected policy and refuses to fall back to algorithms and protocols not within the policy, unless the user has explicitly requested the application to do so. That is, the policy applies to the default behavior of applications when running with the system-provided configuration but the user can override it on an application-specific basis. The policies currently provide settings for these applications and libraries: * *BIND* DNS name server daemon (scopes: *BIND*, *DNSSec*) * *GnuTLS* TLS library (scopes: *GnuTLS*, *SSL*, *TLS*) * *OpenJDK* runtime environment (scopes: *java-tls*, *SSL*, *TLS*) * *Kerberos 5* library (scopes: *krb5*, *Kerberos*) * *Libreswan* IPsec and IKE protocol implementation (scopes: *libreswan*, *IPSec*, *IKE*) * *NSS* TLS library (scopes: *NSS*; specific algorithm usage purposes are also affected by *SSL*, *TLS*, *pkcs12*, *pkcs12-import*, *smime*, *smime-import* scopes, and internal use *nss-tls*, *nss-pkcs12*, *nss-pkcs12-import*, *nss-smime* and *nss-smime-import* scopes.) * *OpenSSH* SSH2 protocol implementation (scopes: *OpenSSH*, *SSH*) * *OpenSSL* TLS library (scopes: *OpenSSL*, *SSL*, *TLS*) * *libssh* SSH2 protocol implementation (scopes: *libssh*, *SSH*) * *sequoia* PGP implementation, for usage outside of rpm-sequoia (scopes: *sequoia*) * *rpm-sequoia* RPM Sequoia PGP backend (scopes: *rpm*, *rpm-sequoia*) Applications using the above libraries and tools are covered by the cryptographic policies unless they are explicitly configured otherwise. 
PROVIDED POLICIES ----------------- *LEGACY*:: This policy ensures maximum compatibility with legacy systems; it is less secure and it includes support for *TLS 1.0*, *TLS 1.1*, and *SSH2* protocols or later. The algorithms *DSA* and *3DES* are allowed, while *RSA* and *Diffie-Hellman* parameters are accepted if larger than 1024 bits. This policy provides at least 64-bit security. * MACs: all *HMAC* with *SHA-1* or better + all modern MACs (*Poly1305* etc.) * Curves: all prime >= 255 bits (including Bernstein curves) * Signature algorithms: with *SHA1* hash or better (*DSA* allowed) * *TLS* Ciphers: all available >= 112-bit key, >= 128-bit block (including *3DES*, excluding *RC4*) * Non-TLS Ciphers: same as *TLS* ciphers with added *Camellia* * Key exchange: *ECDHE*, *RSA*, *DHE* * *DH* params size: >= 1024 * *RSA* keys size: >= 1024 * *DSA* params size: >= 1024 * *TLS* protocols: *TLS* >= 1.0, *DTLS* >= 1.0 *DEFAULT*:: The *DEFAULT* policy is a reasonable default policy for today's standards. It allows the *TLS 1.2*, and *TLS 1.3* protocols, as well as *IKEv2* and *SSH2*. The *Diffie-Hellman* parameters are accepted if they are at least 2048 bits long. This policy provides at least 112-bit security with the exception of allowing *SHA-1* signatures in DNSSec where they are still prevalent. * MACs: all *HMAC* with *SHA-1* or better + all modern MACs (*Poly1305* etc.) * Curves: all prime >= 255 bits (including Bernstein curves) * Signature algorithms: with *SHA-224* hash or better (no *DSA*) * *TLS* Ciphers: >= 128-bit key, >= 128-bit block (*AES*, *ChaCha20*, including *AES-CBC*) * non-TLS Ciphers: as *TLS* Ciphers with added *Camellia* * key exchange: *ECDHE*, *RSA*, *DHE* (no *DHE-DSS*) * *DH* params size: >= 2048 * *RSA* keys size: >= 2048 * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 *NEXT*:: The *NEXT* policy is just an alias to the *DEFAULT* policy. 
*FUTURE*:: A conservative security policy that is believed to withstand any near-term future attacks at the expense of interoperability. It may prevent communication with many commonly used systems that only offer weaker security. This policy does not allow the use of *SHA-1* in signature algorithms. The policy also provides some (not complete) preparation for post-quantum encryption support in the form of a 256-bit symmetric encryption requirement. The *RSA* and *Diffie-Hellman* parameters are accepted if larger than 3071 bits. This policy provides at least 128-bit security. * MACs: all *HMAC* with *SHA-256* or better + all modern MACs (*Poly1305* etc.) * Curves: all prime >= 255 bits (including Bernstein curves) * Signature algorithms: with *SHA-256* hash or better (no *DSA*) * *TLS* Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers * non-TLS Ciphers: same as *TLS* ciphers with added non AE ciphers and *Camellia* * key exchange: *ECDHE*, *DHE* (no *DHE-DSS*, no *RSA*) * *DH* params size: >= 3072 * *RSA* keys size: >= 3072 * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 *BSI*:: A security policy based on recommendations by the German government agency BSI (Bundesamt fuer Sicherheit in der Informationstechnik, translated as "agency for security in software technology") in its ruleset BSI TR 02102 (TR - technical recommendation). The BSI TR 02102 standard is updated in regular intervals. This policy does not allow the use of *SHA-1* in signature algorithms (except *DNSSEC* and *RPM*). The policy also provides some (not complete) preparation for post-quantum encryption support in the form of a 256-bit symmetric encryption requirement. The *RSA* parameters are accepted if larger than 2047 bits, and *Diffie-Hellman* parameters are accepted if larger than 3071 bits. This policy provides at least 128-bit security, excepting the transition of *RSA*. 
* MACs: all *HMAC* with *SHA-256* or better + all modern MACs * Curves: all prime >= 255 bits (including Bernstein curves) * Signature algorithms: with *SHA-256* hash or better (no *DSA*) * *TLS* Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers * non-TLS Ciphers: same as *TLS* ciphers with added non AE ciphers * key exchange: *ECDHE*, *DHE* (no *DHE-DSS*, no *RSA*) * *DH* params size: >= 3072 * *RSA* keys size: >= 2048 (until end of 2023, then it will switch to 3072) * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 Note that compared to other profiles *Chacha20* and *Camellia* are not recommended by the BSI. *FIPS*:: A policy to aid conformance to the *FIPS 140* requirements. This policy is used automatically by a dracut initramfs module and a systemd service if the kernel is booted with `fips=1` to switch the system into the *FIPS 140* mode. This policy provides at least 112-bit security. * MACs: all *HMAC* with *SHA1* or better * Curves: all prime >= 256 bits, hybrid ML-KEM * Signature algorithms: with *SHA-256* hash or better (no *DSA*), pure ML-DSA * *TLS* Ciphers: >= 128-bit key, >= 128-bit block (*AES*, including *AES-CBC*) * non-TLS Ciphers: same as *TLS* Ciphers * key exchange: *ECDHE*, *DHE* (no *DHE-DSS*, no *RSA*), KEM-ECDH * *DH* params size: >= 2048 * *RSA* params size: >= 2048 * *TLS* protocols: *TLS* >= 1.2, *DTLS* >= 1.2 *EMPTY*:: All cryptographic algorithms are disabled (used for debugging only, do not use). CRYPTO POLICY DEFINITION FORMAT ------------------------------ The crypto policy definition files have a simple syntax following an *INI* file 'key' = 'value' syntax with these particular features: * Comments are indicated by '#' character. Everything on the line following the character is ignored. * Backslash '\' character followed immediately with the end-of-line character indicates line continuation. 
The following line is concatenated to the current line after the backslash and end-of-line characters are removed. * Value types for integer options can be decimal integers ('option = 1'). * Multiple-choice options can be specified by setting them to a list of values ('option = value1 value2'). This list can further be altered by prepending/omitting/appending values ('option = +prepended -omitted appended+'). A follow-up reassignment will reset the list. The latter syntax cannot be combined with the former one in the same directive. Setting an option to an empty list is possible with 'option ='. * Asterisk sign can be used for wildcard matching as a shortcut for specifying multiple values when setting multiple-choice options. Note that wildcard matching can lead to future updates implicitly enabling algorithms not yet available in the current version. If this is a concern, do not use wildcard-matching outside of algorithm-omitting directives. * In order to limit the scope of the directive and make it affect just some of the backends, the following extended syntax can be used: 'option@scope = ...', 'option@{scope1,scope2,...} = ...'. Negation of scopes is possible with 'option@!scope' / 'option@{scope1,scope2,...}. Scope selectors are case-insensitive. The available options are: * *mac*: List of allowed MAC algorithms * *group*: List of allowed groups or elliptic curves for key exchanges for use with other protocols * *hash*: List of allowed cryptographic hash (message digest) algorithms * *sign*: List of allowed signature algorithms * *cipher*: List of allowed symmetric encryption algorithms (including the modes) for use with other protocols * *key_exchange*: List of allowed key exchange algorithms * *protocol*: List of allowed TLS, DTLS and IKE protocol versions; mind that some backends do not allow selectively disabling protocols versions and only use the oldest version as the lower boundary. 
* *min_dh_size*: Integer value of minimum number of bits of parameters for *DH* key exchange * *min_dsa_size*: Integer value of minimum number of bits for *DSA* keys * *min_rsa_size*: Integer value of minimum number of bits for *RSA* keys * *min_ec_size*: Integer value of minimum number of bits for *EC* keys (Applies to *Java* back end only) * *sha1_in_certs*: Value of 1 if *SHA1* allowed in certificate signatures, 0 otherwise (Applies to *GnuTLS* back end only.) * *arbitrary_dh_groups*: Value of 1 if arbitrary group in *Diffie-Hellman* is allowed, 0 otherwise * *ssh_certs*: Value of 1 if *OpenSSH* certificate authentication is allowed, 0 otherwise * *etm*: *ANY*/*DISABLE_ETM*/*DISABLE_NON_ETM* allows both EtM (Encrypt-then-Mac) and E&M (Encrypt-and-Mac), disables EtM, and disables E&M respectively. (Currently only implemented for SSH, do not use without *@SSH* scope.) Full policy definition files have suffix `.pol`, subpolicy files have suffix `.pmod`. Subpolicies do not have to have values set for all the keys listed above. The effective configuration of a policy with subpolicies applied is the same as a configuration from a single policy obtained by concatenating the policy and the subpolicies in question. *Policy file placement and naming:* The policy files shipped in packages are placed in `/usr/share/crypto-policies/policies` and the subpolicies in `/usr/share/crypto-policies/policies/modules`. Locally configured policy files should be placed in `/etc/crypto-policies/policies` and subpolicies in `/etc/crypto-policies/policies/modules`. The policy and subpolicy files must have names in upper-case except for the `.pol` and `.pmod` suffix as the update-crypto-policies command always converts the policy name to upper-case before searching for the policy on the filesystem. 
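The list, scope and concatenation rules described above, worked through as an added example; this is not the parser shipped in `python/cryptopolicies`, and the sample policy text, the `known` value pool and all function names are constructed for illustration. It assumes that the negated brace form `option@!{scope1,scope2}` works by analogy with `option@!scope`, that a negated selector applies only when none of the back end's scopes is named, and that re-adding a value already in the list moves it.

```python
import fnmatch
import re

# Integer options listed in the man page; every other option is treated as a list.
INT_OPTIONS = {"min_dh_size", "min_dsa_size", "min_rsa_size", "min_ec_size",
               "sha1_in_certs", "arbitrary_dh_groups", "ssh_certs"}
# option[@[!]scope | @[!]{scope1,scope2}] = value ...
DIRECTIVE = re.compile(r"^(\w+)(?:@(!?)(\{[^}]*\}|[^\s={}]+))?\s*=\s*(.*)$")


def parse(text):
    """Yield (option, negated, scopes or None, tokens) for each directive."""
    # Assumption: continuations are joined before '#' comments are stripped.
    for raw in text.replace("\\\n", "").splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if not m:
            raise ValueError(f"not a directive: {line!r}")
        option, bang, selector, value = m.groups()
        scopes = None  # None: the directive applies to every back end
        if selector:
            scopes = {s.strip().lower() for s in selector.strip("{}").split(",")}
        yield option, bool(bang), scopes, value.split()


def applies(negated, scopes, backend_scopes):
    """Scope selectors are case-insensitive; a back end may carry several scopes."""
    if scopes is None:
        return True
    hit = bool(scopes & {s.lower() for s in backend_scopes})
    return not hit if negated else hit


def expand(pattern, pool):
    """Expand a '*' wildcard against pool (pool order kept); literals pass through."""
    if "*" not in pattern:
        return [pattern]
    return [v for v in pool if fnmatch.fnmatchcase(v, pattern)]


def effective(text, backend_scopes, known=None):
    """Evaluate policy text (policy + subpolicies concatenated) for one back end."""
    known = known or {}
    cfg = {}
    for option, negated, scopes, tokens in parse(text):
        if not applies(negated, scopes, backend_scopes):
            continue
        if option in INT_OPTIONS:
            if len(tokens) != 1 or not tokens[0].isdigit():
                raise ValueError(f"{option}: expected one decimal integer")
            cfg[option] = int(tokens[0])
            continue
        modifying = [t.startswith(("+", "-")) or t.endswith("+") for t in tokens]
        if any(modifying) and not all(modifying):
            raise ValueError(f"{option}: assignment and +/- syntax cannot be mixed")
        pool = known.get(option, [])
        if not any(modifying):  # plain assignment, including 'option =', resets
            new = []
            for t in tokens:
                new += [v for v in expand(t, pool) if v not in new]
            cfg[option] = new
            continue
        current = cfg.get(option, [])
        for t in tokens:
            if t.startswith("-"):  # omit: wildcard matches what is currently enabled
                gone = set(expand(t[1:], current))
                current = [v for v in current if v not in gone]
            elif t.startswith("+"):  # prepend
                add = expand(t[1:], pool)
                current = add + [v for v in current if v not in add]
            else:  # trailing '+': append
                add = expand(t[:-1], pool)
                current = [v for v in current if v not in add] + add
        cfg[option] = current
    return cfg


# Constructed sample input, not taken from the shipped .pol/.pmod files.
POLICY = """\
cipher = AES-256-GCM AES-128-GCM CHACHA20-POLY1305 \\
         AES-256-CBC AES-128-CBC
min_rsa_size = 2048
protocol@TLS = TLS1.3 TLS1.2
"""
SUBPOLICY = """\
cipher = -*-CBC                     # wildcard used only in an omitting directive
cipher@SSH = -CHACHA20-POLY1305
cipher@!{SSH,TLS} = CAMELLIA-256-GCM+
min_rsa_size = 3072
"""

if __name__ == "__main__":
    for name, scopes in [("OpenSSH", ["OpenSSH", "SSH"]),
                         ("OpenSSL", ["OpenSSL", "SSL", "TLS"]),
                         ("krb5", ["krb5", "Kerberos"])]:
        print(name, effective(POLICY + SUBPOLICY, scopes))
```

Evaluating the same text once per back end makes scope mistakes visible before a subpolicy is deployed: here the OpenSSH view loses *CHACHA20-POLY1305*, while only back ends outside the SSH and TLS scopes gain the appended cipher.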
COMMANDS -------- *update-crypto-policies(8)*:: This command manages the policies available to the various cryptographic back ends and allows the system administrator to change the active cryptographic policy. NOTES ----- *Known notable exceptions* * *Go-language* applications do not yet follow the system-wide policy. * *GnuPG-2* application does not follow the system-wide policy. In general only the data-in-transit is currently covered by the system-wide policy. If the system administrator changes the system-wide policy with the *update-crypto-policies(8)* command it is advisable to restart the system as the individual back-end libraries read the configuration files usually during their initialization. The changes in the policy thus take place in most cases only when the applications using the back-end libraries are restarted. *Removed cipher suites and protocols* The following cipher suites and protocols are completely removed from the core cryptographic libraries listed above: * *DES* * All export grade cipher suites * *MD5* in signatures * *SSLv2* * *SSLv3* * All *ECC* curves smaller than 224 bits * All binary field *ECC* curves *Cipher suites and protocols disabled in all predefined policies* The following ciphersuites and protocols are available but disabled in all predefined crypto policies: * *DH* with parameters < 1024 bits * *RSA* with key size < 1024 bits * *Camellia* * *RC4* * *ARIA* * *SEED* * *IDEA* * Integrity only ciphersuites * *TLS* *CBC mode* ciphersuites using *SHA-384* HMAC * *AES-CCM8* * all *ECC* curves incompatible with *TLS 1.3*, including secp256k1 * *IKEv1* *Notable irregularities in the individual configuration generators* * *OpenSSL* and *NSS*: Disabling all TLS and/or all DTLS versions isn't actually possible. Trying to do so will result in the library defaults being applied instead. * *OpenSSL*: The minimum length of the keys and some other parameters are enforced by the @SECLEVEL value which does not provide a fine granularity. 
The list of *TLS* ciphers is not generated as an exact list but by subtracting from all the supported ciphers for the enabled key exchange methods. For that reason there is no way to disable a random cipher. In particular all *AES-128* ciphers are disabled if the *AES-128-GCM* is not present in the list; all *AES-256* ciphers are disabled if the *AES-256-GCM* is not present. The *CBC* ciphers are disabled if there isn't *HMAC-SHA1* in the hmac list and *AES-256-CBC* in the cipher list. To disable the *CCM* ciphers both *AES-128-CCM* and *AES-256-CCM* must not be present in the cipher list. * *GnuTLS*: The minimum length of the keys and some other parameters are enforced by min-verification-profile setting in the *GnuTLS* configuration file which does not provide fine granularity. * *GnuTLS*: PSK key exchanges have to be explicitly enabled by the applications using them. * *GnuTLS*: HMAC-SHA2-256 and HMAC-SHA2-384 MACs are disabled due to concerns over the constant-timedness of the implementation. * *OpenSSH*: *DH* group 1 is always disabled on server even if the policy allows 1024 bit *DH* groups in general. The OpenSSH configuration option HostKeyAlgorithms is set only for the *SSH* server as otherwise the handling of the existing known hosts entries would be broken on client. * *Libreswan*: The *key_exchange* parameter does not affect the generated configuration. The use of regular *DH* or *ECDH* can be limited with appropriate setting of the *group* parameter. * *Sequoia*: only *hash_algorithms*, *symmetric_algorithms*, *asymmetric_algorithms* and *aead_algorithms* are controlled by crypto-policies. *asymmetric_algorithms* is not controlled directly, but deduced from *sign* and *group*. * *OpenSSL*: order of *group* values is only respected within PQ and classic group "classes", and all PQ groups are automatically sorted higher than classic ones. 
To optimize latency while connecting to both PQ-aware and non-PQ-aware hosts, key shares are generated and sent for the one highest priority PQ group and the one highest priority classic group. To prioritize PQ groups when both are supported, the servers prefer a PQ group over a classic group if there's an overlap in any of the PQ groups. * *NSS*: order of *group* values is ignored and built-in order is used instead. * *NSS*: currently is the only one respecting the *pkcs12* / *pkcs12-import* scopes. *pkcs12* implies *pkcs12-import*, it's not possible to allow exporting without allowing importing. The same applies to *smime* / *smime-import* scopes, and their *nss-* prefixed internal-use variants. These scopes cannot be used for enabling signature algorithms that weren't otherwise enabled. HISTORY ------- The *ECDHE-GSS* and *DHE-GSS* algorithms are newly introduced and must be specified in the base policy for the SSH GSSAPI key exchange methods to be enabled. Previously the legacy SSH GSSAPI key exchange methods were automatically enabled when the *SHA1* hash and *DH* parameters of at least 2048 bits were enabled. Before the introduction of the *custom crypto policies* support it was possible to have a completely arbitrary crypto policy created as a set of arbitrary back-end config files in `/usr/share/crypto-policies/` directory. With the introduction of the *custom crypto policies* it is still possible but there must be an empty (possibly with any comment lines) `.pol` file in `/usr/share/crypto-policies/policies` so the `update-crypto-policies` command can recognize the arbitrary custom policy. No subpolicies must be used with such an arbitrary custom policy. Modifications from *local.d* will be appended to the files provided by the policy. 
The use of the following historically available options is discouraged: * *min_tls_version*: Lowest allowed TLS protocol version (recommended replacement: *protocol@TLS*) * *min_dtls_version*: Lowest allowed DTLS protocol version (recommended replacement: *protocol@TLS*) The following options are deprecated, please rewrite your policies: * *ike_protocol*: List of allowed IKE protocol versions (recommended replacement: *protocol@IKE*, mind the relative position to other *protocol* directives). * *tls_cipher*: list of allowed symmetric encryption algorithms for use with the TLS protocol (recommended replacement: *cipher@TLS*, mind the relative position to other *cipher* directives). * *ssh_cipher*: list of allowed symmetric encryption algorithms for use with the SSH protocol (recommended replacement: *cipher@SSH*, mind the relative position to other *cipher* directives). * *ssh_group*: list of allowed groups or elliptic curves for key exchanges for use with the SSH protocol (recommended replacement: *group@SSH*, mind the relative position to other *group* directives). * *sha1_in_dnssec*: Allow *SHA1* usage in DNSSec protocol even if it is not present in the *hash* and *sign* lists (recommended replacements: *hash@DNSSec*, *sign@DNSSec*). * *ssh_etm*: Value of 1 if *OpenSSH* EtM (encrypt-then-mac) extension is allowed, 0 otherwise. Use *etm@SSH* instead. FILES ----- /etc/crypto-policies/back-ends:: The individual cryptographical back-end configuration files. Usually linked to the configuration shipped in the crypto-policies package unless a configuration from `local.d` is added. /etc/crypto-policies/config:: A file containing the name of the active crypto-policy set on the system. /etc/crypto-policies/local.d:: Additional configuration shipped by other packages or created by the system administrator. The contents of the `-file.config` is appended to the configuration from the policy back end as shipped in the crypto-policies package. 
/usr/share/crypto-policies/policies:: System policy definition files. /usr/share/crypto-policies/policies/modules:: System subpolicy definition files. /etc/crypto-policies/policies:: Custom policy definition files as configured by the system administrator. /etc/crypto-policies/policies/modules:: Custom subpolicy definition files as configured by the system administrator. /usr/share/crypto-policies/<'POLICYNAME'>:: Pre-generated back-end configurations for policy 'POLICYNAME'. SEE ALSO -------- update-crypto-policies(8) AUTHOR ------ Written by Tomáš Mráz. crypto-policies-20251128.git19878fe/default-config000066400000000000000000000012501511230041100214170ustar00rootroot00000000000000# This file should contain a single keyword, the crypto policy to # be applied by default to applications. The available policies are # restricted to the following profiles. # # * LEGACY: Ensures maximum compatibility with legacy systems (64-bit # security). # # * DEFAULT: A reasonable default for today's standards (112-bit security). # # * FUTURE: A policy to provide security on a conservative level that is # believed to withstand any near-term future attacks (128-bit security). # # * FIPS: Policy that enables only FIPS 140 approved or allowed algorithms. # # After modifying this file, you need to run update-crypto-policies # for the changes to propagate. 
#
DEFAULT

crypto-policies-20251128.git19878fe/default-fips-config

FIPS

crypto-policies-20251128.git19878fe/doc/

crypto-policies-20251128.git19878fe/doc/DCO.txt

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

crypto-policies-20251128.git19878fe/fips-crypto-policy-overlay

#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later

set -u

policyfile=/etc/crypto-policies/config
fipspolicyfile=/usr/share/crypto-policies/default-fips-config
fipspolicyfilesuffix=/crypto-policies/default-fips-config
backends=/etc/crypto-policies/back-ends
fipsbackends=/usr/share/crypto-policies/back-ends/FIPS
fipsbackendssuffix=/crypto-policies/back-ends/FIPS

if ! mountpoint -q /proc; then
    echo "/proc is not mounted" 1>&2
    exit 1
fi

if ! [[ $(cat /proc/sys/crypto/fips_enabled) == 1 ]]; then
    echo "FIPS mode is not enabled." 1>&2
    exit 1
fi

if mountpoint -q "${policyfile}"; then
    if grep -qF "${fipspolicyfilesuffix} ${policyfile} " /proc/self/mountinfo
    then
        echo "Some path ending in ${fipspolicyfilesuffix}" 1>&2
        echo "is already mounted over ${policyfile}" 1>&2
        exit 0
    fi
    echo "Warning: ${policyfile} is already mounted over." 1>&2
fi

if mountpoint -q "${backends}"; then
    if grep -qF "${fipsbackendssuffix} ${backends} " /proc/self/mountinfo; then
        echo "Some path ending in ${fipsbackendssuffix} " 1>&2
        echo "is already mounted over ${backends}" 1>&2
        exit 0
    fi
    echo "Warning: ${backends} is already mounted over." 1>&2
fi

# When in FIPS mode, check the active crypto policy by reading the
# /etc/crypto-policies/config file. If it is not "FIPS", or does not start
# with "FIPS:", automatically switch to the FIPS policy by creating
# bind-mounts.

if ! [ -f "${policyfile}" ]; then
    echo "${policyfile} is missing." 1>&2
    exit 1
fi

policy=$(cat "${policyfile}")

if [[ "${policy}" == "FIPS" || "${policy}" =~ ^FIPS: ]]; then
    echo "System-wide crypto-policy is already set to ${policy}." 1>&2
    exit 0
fi

# Current crypto policy is not FIPS or FIPS-based, but the system is in FIPS
# mode; this is an inconsistent configuration. Automatically bind-mount a FIPS
# configuration over this.

if ! mount -o bind,ro "${fipsbackends}" "${backends}"; then
    echo -n "Failed to bind-mount FIPS policy over ${backends} " 1>&2
    echo "(the system is in FIPS mode, but the crypto-policy is not)." 1>&2
    exit 1
fi

# Also mount a file containing `FIPS\n` over /etc/crypto-policies/config.
if [ ! -f "${fipspolicyfile}" ]; then
    echo -n "${fipspolicyfile} is missing." 1>&2
    exit 1
fi
if ! mount -o bind,ro "${fipspolicyfile}" "${policyfile}"
then
    echo -n "Failed to bind-mount FIPS crypto-policy state file " 1>&2
    echo -n "over ${policyfile} " 1>&2
    echo "(the system is in FIPS mode, but the crypto-policy is not)." 1>&2
    exit 1
fi

crypto-policies-20251128.git19878fe/fips-crypto-policy-overlay.service

[Unit]
Description=Bind-mount FIPS crypto-policy in FIPS mode
ConditionKernelCommandLine=fips=1
DefaultDependencies=no
Requires=local-fs.target
Before=sysinit.target

[Service]
Type=oneshot
ExecStart=/usr/libexec/fips-crypto-policy-overlay

[Install]
WantedBy=sysinit.target

crypto-policies-20251128.git19878fe/fips-setup-helper

#!/bin/bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# Private interface, subject to change, do not use.
set -ueo pipefail
context=$1
[[ "$context" == 'anaconda' ]]
exec update-crypto-policies --set FIPS

crypto-policies-20251128.git19878fe/policies/

crypto-policies-20251128.git19878fe/policies/BSI.pol

# This policy follows the BSI TR-02102-2 "Kryptographische Verfahren: Verwendung von Transport Layer Security (TLS)"
# Generic:https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102.html
# TLS: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-2.html
# IPSEC: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-3.html
# Note that currently crypto-policies do not adjust ipsec configs, but only openssl or nss.
# SSH: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/TechnischeRichtlinien/TR02102/BSI-TR-02102-4.html
# Note that the SUSE openssh is not yet reading crypto policies.
# Author: Marcus Meissner 2023
#
# Based on DEFAULT.pol

# BSI TR 02102 / revision 2023.1, Table 5.1 "Empfohlene Hashfunktionen."
# HMAC-SHA1 is not valid anymore
# UMAC is for SSH... check TODO
mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512

# BSI TR 02102-2 / revision 2023.1, Table 4 "Empfohlene Diffie-Hellman-Gruppen für TLS 1.2"
# not listed in BSI TR, but could be included: FFDHE-6144 FFDHE-8192
group = SECP256R1 SECP384R1 SECP521R1 FFDHE-3072 FFDHE-4096 BRAINPOOL-P512R1 BRAINPOOL-P384R1 BRAINPOOL-P256R1

# BSI TR 02102 / revision 2023.1, Table 5.1 "Empfohlene Hashfunktionen."
hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512
hash@DNSSec = SHA1+  # SHA1 is still prevalent in DNSSec

# BSI TR 02102-2 / revision 2023.1, Table 5 "Empfohlene Signaturverfahren für TLS 1.2" and
# Table 6 "Empfohlene Hashfunktionen für Signaturverfahren in TLS 1.2"
# BSI TR 02102 / revision 2023.1 Section 5 "Hashfunktionen"
# 224 bit SHA parts not recommended by BSI: ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224
sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-BRAINPOOLP256-SHA2-256 \
    ECDSA-BRAINPOOLP384-SHA2-384 \
    ECDSA-BRAINPOOLP512-SHA2-512
# Brainpool RFC 8734 TLS 1.3 ones are present in
# BSI-TR-02102-2 / revision 2024.1 in Tables 10-11:
# Empfohlene Signaturverfahren für TLS 1.3 (Client-/Server-Signatur)
# Empfohlene Signaturverfahren für TLS 1.3 (Zertifikatssignaturen)
sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+  # SHA1 is still prevalent in DNSSec

# BSI TR 02102 / revision 2023.1 and
# BSI TR 02102-2 / revision 2023.1, Table 1 and Table 2
# Not listed in BSI TR: CHACHA20-POLY1305 CAMELLIA-256-GCM CAMELLIA-128-CBC CAMELLIA-256-CBC CAMELLIA-128-GCM
cipher = AES-256-GCM AES-256-CCM AES-256-CTR AES-256-CBC AES-128-GCM AES-128-CCM AES-128-CTR AES-128-CBC

# BSI-TR-02102-1 is fine with GCM in general and BSI-TR-03116-4 seems to be fine with AES-128-CFB
cipher@{sequoia,RPM} = AES-256-CFB AES-256-GCM AES-128-CFB AES-128-GCM

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

# BSI TR 02102-2 / revision 2023.1, Table 1 and Table 2
# Note this goes to all ciphers. DHE-GSS is not valid for TLS, but used in SSH.
# TLS: ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK are ok, GSS is not used in TLS, will not be used for TLS
key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

# BSI TR 02102-2 / revision 2023.1, Section 3.2 "SSL/TLS Versionen"
protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
# BSI TR 02102-3 only specifies IKEv2
protocol@IKE = IKEv2

# Just a guesstimate
cipher@{pkcs12,smime} = AES-256-CBC AES-128-CBC
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512
key_exchange@smime = RSA DH ECDH

# Parameter sizes
# BSI TR 02102-2 / revision 2023.1: 3k recommended (actually BSI refers to 3000, but let's make it a 2 exponent)
min_dh_size = 3072
min_dsa_size = 3072
# BSI TR 02102-2 / revision 2023.1: RSA 2k was still allowed until end of 2023, starting 2024 it's 3k.
min_rsa_size = 3072

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

crypto-policies-20251128.git19878fe/policies/DEFAULT.pol

# A reasonable default for today's standards. It should provide
# 112-bit security with the exception of SHA1 signatures in DNSSec.
# SHA1 is allowed in HMAC where collision attacks do not matter.
# OpenSSL distrusts signatures using SHA-1 (Changes/OpenSSLDistrustSHA1SigVer).

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC)
# non-TLS Ciphers: as TLS Ciphers with added Camellia
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA1

group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 MLKEM1024-X448 \
    X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \
    SHAKE-256
hash@DNSSec = SHA1+  # SHA1 is still prevalent in DNSSec

sign = MLDSA44 MLDSA65 MLDSA87 \
    ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
    ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224
sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+  # SHA1 is still prevalent in DNSSec
sign@{sequoia,RPM} = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
    AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \
    CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC

cipher@{sequoia,RPM} = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX \
    AES-128-CFB AES-128-GCM AES-128-OCB AES-128-EAX CAMELLIA-256-CFB CAMELLIA-128-CFB

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = KEM-ECDH ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

cipher@pkcs12 = AES-256-CBC AES-128-CBC
cipher@pkcs12-import = 3DES-CBC+ RC2-CBC+
cipher@smime = AES-256-CBC AES-128-CBC 3DES-CBC
cipher@smime-import = RC2-CBC+
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 \
    SHA2-224 SHA3-224
hash@{pkcs12-import,smime} = SHA1+
key_exchange@smime = RSA DH ECDH

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

# https://pagure.io/fesco/issue/2960
# "RPM must accept SHA-1 hashes and DSA keys for Fedora 38"
sign@RPM = DSA-SHA1+
hash@RPM = SHA1+
min_dsa_size@RPM = 1024

crypto-policies-20251128.git19878fe/policies/EMPTY.pol

# Just an empty policy for testing

mac =
group =
hash =
sign =
cipher =
key_exchange =
#protocol =

# Parameter sizes
min_dh_size = 0
min_dsa_size = 0
min_rsa_size = 0

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 0
ssh_certs = 0
etm@SSH = DISABLE_ETM

crypto-policies-20251128.git19878fe/policies/FEDORA42.pol

# A reasonable default for today's standards. It should provide
# 112-bit security with the exception of SHA1 signatures in DNSSec.
# SHA1 is allowed in HMAC where collision attacks do not matter.
# OpenSSL distrusts signatures using SHA-1 (Changes/OpenSSLDistrustSHA1SigVer).

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC)
# non-TLS Ciphers: as TLS Ciphers with added Camellia
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA1

group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \
    SHAKE-256
hash@DNSSec = SHA1+  # SHA1 is still prevalent in DNSSec

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
    ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224
sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+  # SHA1 is still prevalent in DNSSec

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
    AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \
    CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC

cipher@{sequoia,RPM} = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX \
    AES-128-CFB AES-128-GCM AES-128-OCB AES-128-EAX CAMELLIA-256-CFB CAMELLIA-128-CFB

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

cipher@pkcs12 = AES-256-CBC AES-128-CBC
cipher@pkcs12-import = 3DES-CBC+ RC2-CBC+
cipher@smime = AES-256-CBC AES-128-CBC 3DES-CBC
cipher@smime-import = RC2-CBC+
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 \
    SHA2-224 SHA3-224
hash@{pkcs12-import,smime} = SHA1+
key_exchange@smime = RSA DH ECDH

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

# https://pagure.io/fesco/issue/2960
# "RPM must accept SHA-1 hashes and DSA keys for Fedora 38"
sign@RPM = DSA-SHA1+
hash@RPM = SHA1+
min_dsa_size@RPM = 1024

crypto-policies-20251128.git19878fe/policies/FEDORA43.pol

# A reasonable default for today's standards. It should provide
# 112-bit security with the exception of SHA1 signatures in DNSSec.
# SHA1 is allowed in HMAC where collision attacks do not matter.
# OpenSSL distrusts signatures using SHA-1 (Changes/OpenSSLDistrustSHA1SigVer).

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC)
# non-TLS Ciphers: as TLS Ciphers with added Camellia
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA1

group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 MLKEM1024-X448 \
    X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \
    SHAKE-256
hash@DNSSec = SHA1+  # SHA1 is still prevalent in DNSSec

sign = MLDSA44 MLDSA65 MLDSA87 \
    ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
    ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224
sign@DNSSec = RSA-SHA1+ ECDSA-SHA1+  # SHA1 is still prevalent in DNSSec
sign@{sequoia,RPM} = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
    AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \
    CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC

cipher@{sequoia,RPM} = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX \
    AES-128-CFB AES-128-GCM AES-128-OCB AES-128-EAX CAMELLIA-256-CFB CAMELLIA-128-CFB

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = KEM-ECDH ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

cipher@pkcs12 = AES-256-CBC AES-128-CBC
cipher@pkcs12-import = 3DES-CBC+ RC2-CBC+
cipher@smime = AES-256-CBC AES-128-CBC 3DES-CBC
cipher@smime-import = RC2-CBC+
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 \
    SHA2-224 SHA3-224
hash@{pkcs12-import,smime} = SHA1+
key_exchange@smime = RSA DH ECDH

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

# https://pagure.io/fesco/issue/2960
# "RPM must accept SHA-1 hashes and DSA keys for Fedora 38"
sign@RPM = DSA-SHA1+
hash@RPM = SHA1+
min_dsa_size@RPM = 1024

crypto-policies-20251128.git19878fe/policies/FIPS.pol

# Only FIPS approved or allowed algorithms. It does not provide FIPS compliance
# by itself, the FIPS validated crypto modules must be properly installed
# and the machine must be booted into the FIPS mode.

# MACs: all HMAC with SHA1 or better
# Curves: all prime >= 256 bits, hybrid ML-KEM
# Signature algorithms: with SHA224 hash or better (no DSA), pure ML-DSA
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, including AES-CBC)
# non-TLS Ciphers: same
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD HMAC-SHA2-512 HMAC-SHA1

group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 \
    SECP256R1 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192
group@openssl = +P256-MLKEM768  # deprioritize X25519-MLKEM768
group@{openssh,sequoia,rpm} = -MLKEM768-X25519  # not supported in FIPS ATM

hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256

sign = MLDSA44 MLDSA65 MLDSA87 \
    ECDSA-SHA3-256 ECDSA-SHA2-256 \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224
sign@{sequoia,RPM} = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

cipher = AES-256-GCM AES-256-CCM \
    AES-256-CTR AES-256-CBC \
    AES-128-GCM AES-128-CCM \
    AES-128-CTR AES-128-CBC

cipher@TLS = AES-256-GCM AES-256-CCM AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC

cipher@{sequoia,RPM} = AES-256-GCM AES-256-CFB AES-128-GCM AES-128-CFB

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

key_exchange = KEM-ECDH ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

cipher@{pkcs12,smime} = AES-256-CBC AES-128-CBC
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 \
    SHA2-224
key_exchange@smime = RSA DH ECDH

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

__ems = ENFORCE

crypto-policies-20251128.git19878fe/policies/FUTURE.pol

# A level that will provide security on a conservative level that is
# believed to withstand any near-term future attacks. And also provide
# some (not complete) preparation for post quantum encryption support
# in form of 256 bit symmetric encryption requirement.
# It provides at least 128-bit security. This level may prevent
# communication with many used systems that provide weaker security levels
# (e.g., systems that use SHA-1 as signature algorithm).

# MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers
# non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers and Camellia
# key exchange: ECDHE, DHE (no DHE-DSS)
# DH params size: >= 3072
# RSA params size: >= 3072
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512

group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 MLKEM1024-X448 \
    X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256

sign = MLDSA44 MLDSA65 MLDSA87 \
    ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512
sign@{sequoia,RPM} = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
    AES-256-CTR AES-256-CBC CAMELLIA-256-CBC

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305

cipher@{sequoia,RPM} = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX CAMELLIA-256-CFB

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

key_exchange = KEM-ECDH ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

cipher@{pkcs12,smime} = AES-256-CBC AES-128-CBC
cipher@smime-import = 3DES-CBC+
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512
key_exchange@smime = RSA DH ECDH

# Parameter sizes
min_dh_size = 3072
min_dsa_size = 3072
min_rsa_size = 3072

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@ssh = ANY

crypto-policies-20251128.git19878fe/policies/GOST-ONLY.pol

# Next generation GOST algorithms

mac = AEAD HMAC-STREEBOG-256 HMAC-STREEBOG-512 MAGMA-OMAC KUZNYECHIK-OMAC MAGMA-OMAC-ACPKM KUZNYECHIK-OMAC-ACPKM GOST28147-TC26Z-IMIT GOST28147-CPA-IMIT

group = GOST-GC256A GOST-GC256B GOST-GC256C GOST-GC256D GOST-GC512A GOST-GC512B GOST-GC512C

hash = GOSTR94 STREEBOG-256 STREEBOG-512

sign = GOSTR341001 GOSTR341012-256 GOSTR341012-512

cipher@TLS = GOST28147-TC26Z-CNT GOST28147-CPA-CFB MAGMA-CTR-ACPKM KUZNYECHIK-CTR-ACPKM
cipher@!TLS = GOST28147-TC26Z-CNT MAGMA-CTR-ACPKM KUZNYECHIK-CTR-ACPKM GOST28147-CPA-CFB GOST28147-CPB-CFB GOST28147-CPC-CFB GOST28147-CPD-CFB GOST28147-TC26Z-CFB

key_exchange = VKO-GOST-2001 VKO-GOST-2012 VKO-GOST-KDF

protocol@TLS = TLS1.3 TLS1.2 TLS1.1 TLS1.0

# Parameter sizes
# GOST ciphersuites don't use DH params. The value is set to fit SECLEVEL=2 for OpenSSL
min_dh_size = 2048
min_dsa_size = 2048
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

crypto-policies-20251128.git19878fe/policies/LEGACY.pol

# Provides settings for ensuring maximum compatibility with legacy systems.
# This policy is less secure and intended to be an easy way to switch system
# to be compatible with older systems.
# It should provide at least 64-bit security, include 3DES, but exclude RC4.

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-1 hash or better (DSA allowed)
# TLS Ciphers: all available > 112-bit key, >= 128-bit block
# (including 3DES, excluding RC4)
# non-TLS Ciphers: as TLS Ciphers with added Camellia
# key exchange: ECDHE, RSA, DHE
# DH params size: >= 1024
# RSA params size: >= 1024
# DSA params size: >= 1024
# TLS protocols: TLS >= 1.0 DTLS >= 1.0

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA1

group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 MLKEM1024-X448 \
    X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536
group@SSH = FFDHE-1024+

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \
    SHAKE-256 SHAKE-128 SHA1

sign = MLDSA44 MLDSA65 MLDSA87 \
    ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
    ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 \
    DSA-SHA2-256 DSA-SHA2-384 DSA-SHA2-512 DSA-SHA2-224 \
    DSA-SHA3-256 DSA-SHA3-384 DSA-SHA3-512 \
    ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 DSA-SHA1
sign@{sequoia,RPM} = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
    AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \
    CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC \
    3DES-CBC

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC 3DES-CBC

cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC \
    AES-128-GCM AES-128-CTR AES-128-CBC 3DES-CBC

cipher@{sequoia,RPM} = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX \
    AES-128-CFB AES-128-GCM AES-128-OCB AES-128-EAX CAMELLIA-256-CFB CAMELLIA-128-CFB

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = KEM-ECDH ECDHE RSA DHE DHE-RSA DHE-DSS PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0
protocol@IKE = IKEv2

cipher@pkcs12 = AES-256-CBC AES-192-CBC AES-128-CBC \
    CAMELLIA-256-CBC CAMELLIA-192-CBC CAMELLIA-128-CBC \
    3DES-CBC DES-CBC RC4-128 DES40-CBC RC2-CBC SEED-CBC
cipher@smime = AES-256-CBC AES-192-CBC AES-128-CBC 3DES-CBC DES-CBC RC2-CBC
hash@{pkcs12,smime} = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 \
    SHA2-224 SHA3-224 \
    SHA1 MD5
key_exchange@smime = RSA DH ECDH

# Parameter sizes
min_dh_size = 1024
min_dsa_size = 1024
min_rsa_size = 1024

# GnuTLS only for now
sha1_in_certs = 1

# https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
__openssl_block_sha1_signatures = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

crypto-policies-20251128.git19878fe/policies/NEXT.pol -> DEFAULT.pol

crypto-policies-20251128.git19878fe/policies/modules/

crypto-policies-20251128.git19878fe/policies/modules/AD-SUPPORT.pmod

# AD-SUPPORT subpolicy is intended to be used in Active Directory
# environments where either accounts or trusted domain objects were not yet
# migrated to AES or future encryption types. Active Directory implicitly
# requires RC4 and MD5 (arcfour-hmac-md5) in Kerberos by default.

cipher@kerberos = RC4-128+
hash@kerberos = MD5+

crypto-policies-20251128.git19878fe/policies/modules/ECDHE-ONLY.pmod

# This is an example of a subpolicy
# enforcing ECDHE and ECDHE with PSK key exchanges

key_exchange = ECDHE ECDHE-PSK
group = -FFDHE-*

crypto-policies-20251128.git19878fe/policies/modules/GOST.pmod

# Adds GOST algorithms.
# This is an example subpolicy, the algorithm names might differ in reality.

mac = +HMAC-STREEBOG-256 +HMAC-STREEBOG-512 +MAGMA-OMAC +KUZNYECHIK-OMAC +MAGMA-OMAC-ACPKM +KUZNYECHIK-OMAC-ACPKM +GOST28147-TC26Z-IMIT +GOST28147-CPA-IMIT +AEAD

group = +GOST-GC256A +GOST-GC256B +GOST-GC256C +GOST-GC256D +GOST-GC512A +GOST-GC512B +GOST-GC512C

hash = +STREEBOG-256 +STREEBOG-512 GOSTR94+

sign = +GOSTR341012-256 +GOSTR341012-512 GOSTR341001+

cipher@TLS = +GOST28147-TC26Z-CNT +GOST28147-CPA-CFB +MAGMA-CTR-ACPKM +KUZNYECHIK-CTR-ACPKM
cipher@!TLS = +GOST28147-TC26Z-CNT +MAGMA-CTR-ACPKM +KUZNYECHIK-CTR-ACPKM +GOST28147-CPA-CFB +GOST28147-CPB-CFB +GOST28147-CPC-CFB +GOST28147-CPD-CFB +GOST28147-TC26Z-CFB

key_exchange = +VKO-GOST-2001 +VKO-GOST-2012 +VKO-GOST-KDF

crypto-policies-20251128.git19878fe/policies/modules/NO-CAMELLIA.pmod

# This is an example subpolicy dropping the Camellia support altogether

cipher = -CAMELLIA-*

crypto-policies-20251128.git19878fe/policies/modules/NO-ENFORCE-EMS.pmod

# As per FIPS 140-3 IG Annex D.Q, EMS is mandatory in TLS 1.2 since 2023-05-16.
# This subpolicy disables this mandatory EMS enforcement of the FIPS policy.
# Doing so violates FIPS requirements, do not use in FIPS-compliant setups.

__ems = RELAX

crypto-policies-20251128.git19878fe/policies/modules/NO-PQ.pmod

# A subpolicy that's meant to disable everything TEST-PQ enables.
# At the time of the introduction, FEDORA43:NO-PQ should be equal to FEDORA42,
# and so should a FEDORA42:TEST-PQ:NO-PQ.
# May disappear with the next update.

# %suppress_experimental_value_warnings=true

group = -*MLKEM*

sign = -*SPHINCS* -*FALCON* -*MLDSA*

key_exchange = -SNTRUP -KEM-ECDH

# %suppress_experimental_value_warnings=false

crypto-policies-20251128.git19878fe/policies/modules/NO-SHA1.pmod

# This is an example subpolicy dropping the SHA1 hash and signature support

hash = -SHA1
sign = -*-SHA1
sha1_in_certs = 0

# https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
__openssl_block_sha1_signatures = 1

crypto-policies-20251128.git19878fe/policies/modules/OSPP.pmod

# Restrict FIPS policy for the Common Criteria OSPP profile.

# SSH (upper limit)
# Ciphers: aes256-ctr, aes256-cbc, aes256-gcm@openssh.com
# PubkeyAcceptedKeyTypes: rsa-sha2-256, rsa-sha2-512
# MACs: hmac-sha2-256, hmac-sha2-512, implicit for aes256-gcm@openssh.com
# KexAlgorithms: ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512

# TLS ciphers (suggested minimal set for openssl)
# * TLS_RSA_WITH_AES_128_CBC_SHA - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_256_CBC_SHA - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_128_CBC_SHA256 - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_256_CBC_SHA256 - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_128_GCM_SHA256 - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_256_GCM_SHA384 - excluded by FIPS, uses RSA key exchange
# * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128
# * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
# * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128
# * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
# * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128
# * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128
# * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself
# * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128
# * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128
# * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself
# * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# Supported Groups Extension in ClientHello: secp256r1, secp384r1, secp521r1

mac = -HMAC-SHA1  # see above, both SSH and TLS ended up not using it

group = -MLKEM768-X25519 -P256-MLKEM768 -P384-MLKEM1024 -SECP256R1 -FFDHE-2048

hash = -SHA2-224 -SHA3-*

sign = -MLDSA44 -MLDSA65 -MLDSA87 \
       -ECDSA-SHA2-224 -ECDSA-SHA2-256 -RSA-PSS-SHA2-224 -RSA-SHA2-224

cipher = -AES-*-CCM -AES-128-*
cipher@!{ssh,tls} = -AES-*-CTR

key_exchange = -KEM-ECDH

ssh_certs = 0
etm@ssh = DISABLE_ETM

protocol@TLS = -TLS1.3

min_dh_size = 3072
min_rsa_size = 3072

arbitrary_dh_groups = 0

crypto-policies-20251128.git19878fe/policies/modules/SHA1.pmod
# This subpolicy adds SHA1 hash and signature support

hash = SHA1+
sign = ECDSA-SHA1+ RSA-PSS-SHA1+ RSA-SHA1+
sha1_in_certs = 1

# https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer
__openssl_block_sha1_signatures = 0

crypto-policies-20251128.git19878fe/policies/modules/TEST-PQ.pmod
# An experimental subpolicy enabling all the currently available
# post-quantum and hybrid algorithms.
# Not for production use.
# May disappear with the next update.

group = +P521-MLKEM1024
group = +P384-MLKEM768
group = +MLKEM1024
group = +P256-MLKEM512
group = +MLKEM1024-X448
group = +X448-MLKEM768
group = +MLKEM768
group = +X25519-MLKEM512
group = +MLKEM512
# re-prioritizing the ones from the base policies
group = -MLKEM768-X25519 -P256-MLKEM768 -P384-MLKEM1024
group = -MLKEM1024-X448
group = +MLKEM1024-X448
group = +MLKEM768-X25519
group = +P384-MLKEM1024
group = +P256-MLKEM768
group = +MLKEM768-X25519

sign = +RSA3072-SPHINCSSHAKE128FSIMPLE
sign = +P256-SPHINCSSHAKE128FSIMPLE
sign = +SPHINCSSHAKE128FSIMPLE
sign = +P384-SPHINCSSHA2192FSIMPLE
sign = +SPHINCSSHA2192FSIMPLE
sign = +RSA3072-SPHINCSSHA2128SSIMPLE
sign = +P256-SPHINCSSHA2128SSIMPLE
sign = +SPHINCSSHA2128SSIMPLE
sign = +RSA3072-SPHINCSSHA2128FSIMPLE
sign = +P256-SPHINCSSHA2128FSIMPLE
sign = +SPHINCSSHA2128FSIMPLE
sign = +P521-FALCONPADDED1024
sign = +FALCONPADDED1024
sign = +P521-FALCON1024
sign = +FALCON1024
sign = +RSA3072-FALCONPADDED512
sign = +P256-FALCONPADDED512
sign = +FALCONPADDED512
sign = +RSA3072-FALCON512
sign = +P256-FALCON512
sign = +FALCON512
sign = +MLDSA87-ED448
sign = +MLDSA87-BP384
sign = +MLDSA87-P384
sign = +P521-MLDSA87
sign = +MLDSA65-ED25519
sign = +MLDSA65-BP256
sign = +MLDSA65-P256
sign = +MLDSA65-RSA3072
sign = +MLDSA65-PSS3072
sign = +P384-MLDSA65
sign = +MLDSA44-BP256
sign = +MLDSA44-P256
sign = +MLDSA44-ED25519
sign = +MLDSA44-RSA2048
sign = +MLDSA44-PSS2048
sign = +RSA3072-MLDSA44
sign = +P256-MLDSA44
# re-prioritizing the ones from the base policies
sign = -MLDSA44 -MLDSA65 -MLDSA87
sign = +MLDSA87
sign = +MLDSA65
sign = +MLDSA44

key_exchange = +SNTRUP
key_exchange = +KEM-ECDH

crypto-policies-20251128.git19878fe/pylintrc
[MASTER]

# Pickle collected data for later comparisons.
persistent=no

# Use multiple processes to speed up Pylint.
jobs=0

# Ignore external repository for krb5 tests
ignore=krb5check

[MESSAGES CONTROL]
enable=
    all
disable=
    I,
    fixme,
    missing-docstring,
    invalid-name,
    no-else-return,
    duplicate-code,  # libssh-openssh trigger a lot of these
    use-implicit-booleaness-not-comparison-to-zero,
    use-implicit-booleaness-not-comparison-to-string,

[REPORTS]

# Set the output format. Available formats are text, parseable, colorized, msvs
# (visual studio) and html. You can also give a reporter class, eg
# mypackage.mymodule.MyReporterClass.
output-format=colorized

# Tells whether to display a full report or only the messages
reports=no

# Template used to display messages. This is a python new-style format string
# used to format the message information.
# See doc for all details
msg-template='{path}:{line}: [{msg_id}({symbol}), {obj}] {msg})'

# Disable evaluation score
score=no

[FORMAT]
max-line-length=79

[DESIGN]
max-locals=30
max-branches=50
max-statements=100
max-parents=8  # needed for dual-role exceptions/warnings

crypto-policies-20251128.git19878fe/pytest.ini
[pytest]
doctest_optionflags = NORMALIZE_WHITESPACE

crypto-policies-20251128.git19878fe/python/
crypto-policies-20251128.git19878fe/python/build-crypto-policies.py
#!/usr/bin/env python3

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import argparse
import difflib
import os
import sys
import warnings

import cryptopolicies
import policygenerators

RELOAD_CMD_NAME = 'reload-cmds.sh'


warnings.formatwarning = lambda msg, category, *_unused_a, **_unused_kwa: \
    f'{category.__name__}: {str(msg)[:1].upper() + str(msg)[1:]}\n'


def eprint(*args, **kwargs):
    print(*args, file=sys.stderr, **kwargs)


def parse_args():
    """Parse the command line"""
    parser = argparse.ArgumentParser(allow_abbrev=False)
    parser.add_argument('--flat', action='store_true',
                        help='put all the generated files '
                             'in a single directory')
    parser.add_argument('--test', action='store_true',
                        help='compare the generated config file '
                             'with the existing one')
    parser.add_argument('--policy', type=str, metavar='POLICY',
                        help='generate the specified policy only')
    parser.add_argument('--reloadcmds', action='store_true',
                        help='also save reload cmds '
                             'into reload-cmds.sh script in output directory')
    parser.add_argument('--strict', action='store_true',
                        help='fail on warnings')
    parser.add_argument('policydir',
                        help='a directory with base policy definition files '
                             '(*.pol)')
    parser.add_argument('outputdir',
                        help='a target directory with generated config files')
    return parser.parse_args()


def save_config(cmdline, policy_name, config_name, config):
    if cmdline.flat:
        path = os.path.join(cmdline.outputdir,
                            f'{policy_name}-{config_name}.txt')
    else:
        dirpath = os.path.join(cmdline.outputdir, policy_name)
        if not os.path.isdir(dirpath):
            try:
                os.mkdir(dirpath)
            except OSError:
                eprint(f'Cannot create directory for policy {policy_name}')
                return False
        path = os.path.join(dirpath, config_name + '.txt')

    if cmdline.test:
        try:
            with open(path, encoding='utf-8') as f:
                old_config = f.read()
            if old_config != config:
                eprint(f'Config for {config_name} for policy {policy_name} '
                       'differs from the existing one:')

                def lines(s):
                    return [l + '\n' for l in s.split('\n')]
                diff = difflib.unified_diff(lines(old_config), lines(config),
                                            fromfile=path,
                                            tofile=path + '.new')
                sys.stderr.writelines(diff)
                return False
            return True
        except FileNotFoundError:
            pass
        except OSError:
            eprint(f'Error reading generated file {path}')
            return False
    print(f'Saving config for {config_name} for policy {policy_name}')
    with open(path, mode='w', encoding='utf-8') as f:
        f.write(config)
    print()
    return True


def build_policy(cmdline, policy_name, subpolicy_names=None):
    err = 0
    if subpolicy_names is None:
        subpolicy_names = []
    try:
        ucp = cryptopolicies.UnscopedCryptoPolicy(policy_name,
                                                  *subpolicy_names,
                                                  policydir=cmdline.policydir)
    except ValueError as e:  # TODO: catch specific thing
        eprint('Error: ' + str(e))
        return 1

    generators = [g for g in dir(policygenerators) if 'Generator' in g]

    for g in generators:
        cls = policygenerators.__dict__[g]
        gen = cls()
        config = gen.generate_config(ucp)

        if policy_name in {'EMPTY', 'GOST-ONLY'} or gen.test_config(config):
            try:
                name = ':'.join([policy_name, *subpolicy_names])
                if not save_config(cmdline, name, gen.CONFIG_NAME, config):
                    err = 5
            except OSError:
                eprint('Error saving config for ' + gen.CONFIG_NAME)
                eprint('Keeping original configuration')
                err = 4
        else:
            eprint('Error testing config for ' + gen.CONFIG_NAME)
            err = 3
    return err


def save_reload_cmds(cmdline):
    err = 0

    generators = [g for g in dir(policygenerators) if 'Generator' in g]

    path = os.path.join(cmdline.outputdir, RELOAD_CMD_NAME)

    try:
        with open(path, mode='w', encoding='utf-8') as f:
            for g in generators:
                cls = policygenerators.__dict__[g]
                f.write(cls.RELOAD_CMD)
    except OSError:
        eprint('Error saving reload cmds')
        err = 6
    return err


def main():
    """The actual command implementation"""
    cmdline = parse_args()
    err = 0

    if cmdline.strict:
        warnings.filterwarnings("error")

    if cmdline.policy:
        names = [n for n in cmdline.policy.upper().split(':') if n]
        policy_name, *subpolicy_names = names
        err = build_policy(cmdline, policy_name, subpolicy_names)
    else:
        with os.scandir(cmdline.policydir) as sd:
            for i in sd:
                if not i.name.startswith('.'):
                    if i.is_file(follow_symlinks=False):
                        policy_name, ext = os.path.splitext(i.name)
                        if ext == '.pol':
                            err = build_policy(cmdline, policy_name)
                if err:
                    break

    if not err and cmdline.reloadcmds:
        err = save_reload_cmds(cmdline)

    sys.exit(err)


# Entry point
if __name__ == "__main__":
    main()

crypto-policies-20251128.git19878fe/python/cryptopolicies/
crypto-policies-20251128.git19878fe/python/cryptopolicies/__init__.py
# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

from .cryptopolicies import UnscopedCryptoPolicy

__all__ = ['UnscopedCryptoPolicy']

crypto-policies-20251128.git19878fe/python/cryptopolicies/alg_lists.py
# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

"""Lists of algorithms and globbing among them."""

import fnmatch
import warnings

from . import validation

ALL_CIPHERS = (
    'AES-256-GCM', 'AES-256-CCM',
    'AES-192-GCM', 'AES-192-CCM',
    'AES-128-GCM', 'AES-128-CCM',
    'CHACHA20-POLY1305',
    'CAMELLIA-256-GCM', 'CAMELLIA-128-GCM',
    'AES-256-CTR', 'AES-256-CBC',
    'AES-192-CTR', 'AES-192-CBC',
    'AES-128-CTR', 'AES-128-CBC',
    'AES-256-OCB', 'AES-256-EAX',
    'AES-192-OCB', 'AES-192-EAX',
    'AES-128-OCB', 'AES-128-EAX',
    'CAMELLIA-256-CBC', 'CAMELLIA-192-CBC', 'CAMELLIA-128-CBC',
    '3DES-CBC', 'DES-CBC', 'RC4-40', 'RC4-128',
    'DES40-CBC', 'RC2-CBC', 'IDEA-CBC', 'SEED-CBC',
    'AES-256-CFB', 'AES-192-CFB', 'AES-128-CFB',
    'CAMELLIA-256-CFB', 'CAMELLIA-192-CFB', 'CAMELLIA-128-CFB',
    '3DES-CFB', 'IDEA-CFB',
    'GOST28147-TC26Z-CFB', 'GOST28147-CPA-CFB',
    'GOST28147-CPB-CFB', 'GOST28147-CPC-CFB',
    'GOST28147-CPD-CFB', 'GOST28147-TC26Z-CNT',
    'MAGMA-CTR-ACPKM', 'KUZNYECHIK-CTR-ACPKM',
    'NULL',
)

ALL_MACS = (
    'AEAD', 'UMAC-128', 'HMAC-SHA1', 'HMAC-SHA2-256',
    'HMAC-SHA2-384', 'HMAC-SHA2-512', 'UMAC-64', 'HMAC-MD5',
    'HMAC-STREEBOG-256', 'HMAC-STREEBOG-512',
    'GOST28147-CPA-IMIT', 'GOST28147-TC26Z-IMIT',
    'MAGMA-OMAC', 'KUZNYECHIK-OMAC',
    'MAGMA-OMAC-ACPKM', 'KUZNYECHIK-OMAC-ACPKM',
)

ALL_HASHES = (
    'SHA2-256', 'SHA2-384', 'SHA2-512',
    'SHA3-256', 'SHA3-384', 'SHA3-512',
    'SHA2-224', 'SHA3-224',
    'SHAKE-256', 'SHAKE-128',
    'SHA1', 'MD5',
    'STREEBOG-256', 'STREEBOG-512', 'GOSTR94',
)

# we disable curves <= 256 bits by default in Fedora
EXPERIMENTAL_GROUPS = (
    'MLKEM512', 'X25519-MLKEM512',
    'MLKEM768', 'X448-MLKEM768',
    'P256-MLKEM512',
    'MLKEM1024',
    'P384-MLKEM768',
    'P521-MLKEM1024',
)
ALL_GROUPS = (
    'MLKEM768-X25519', 'P256-MLKEM768', 'P384-MLKEM1024',
    'MLKEM1024-X448',
    'X25519', 'SECP256R1', 'SECP384R1', 'SECP521R1', 'X448',
    'FFDHE-1536', 'FFDHE-2048', 'FFDHE-3072', 'FFDHE-4096',
    'FFDHE-6144', 'FFDHE-8192', 'FFDHE-1024',
    'GOST-GC256A', 'GOST-GC256B', 'GOST-GC256C', 'GOST-GC256D',
    'GOST-GC512A', 'GOST-GC512B', 'GOST-GC512C',
    'BRAINPOOL-P256R1', 'BRAINPOOL-P384R1', 'BRAINPOOL-P512R1',
    *EXPERIMENTAL_GROUPS,
)

EXPERIMENTAL_SIGN = (
    'P256-MLDSA44',
    'RSA3072-MLDSA44',
    'MLDSA44-PSS2048', 'MLDSA44-RSA2048',
    'MLDSA44-ED25519', 'MLDSA44-P256', 'MLDSA44-BP256',
    'P384-MLDSA65',
    'MLDSA65-PSS3072', 'MLDSA65-RSA3072',
    'MLDSA65-P256', 'MLDSA65-BP256',
    'P521-MLDSA87', 'MLDSA87-P384', 'MLDSA87-BP384',
    'FALCON512', 'P256-FALCON512', 'RSA3072-FALCON512',
    'FALCONPADDED512', 'P256-FALCONPADDED512', 'RSA3072-FALCONPADDED512',
    'FALCON1024', 'P521-FALCON1024',
    'FALCONPADDED1024', 'P521-FALCONPADDED1024',
    'SPHINCSSHA2128FSIMPLE', 'P256-SPHINCSSHA2128FSIMPLE',
    'RSA3072-SPHINCSSHA2128FSIMPLE',
    'SPHINCSSHA2128SSIMPLE', 'P256-SPHINCSSHA2128SSIMPLE',
    'RSA3072-SPHINCSSHA2128SSIMPLE',
    'SPHINCSSHA2192FSIMPLE', 'P384-SPHINCSSHA2192FSIMPLE',
    'SPHINCSSHAKE128FSIMPLE', 'P256-SPHINCSSHAKE128FSIMPLE',
    'RSA3072-SPHINCSSHAKE128FSIMPLE',
)
ALL_SIGN = (
    'MLDSA44', 'MLDSA65', 'MLDSA87',
    'MLDSA65-ED25519', 'MLDSA87-ED448',
    'RSA-MD5', 'RSA-SHA1', 'DSA-SHA1', 'ECDSA-SHA1',
    'RSA-SHA2-224', 'DSA-SHA2-224', 'ECDSA-SHA2-224',
    'RSA-SHA2-256', 'DSA-SHA2-256', 'ECDSA-SHA2-256',
    'ECDSA-SHA2-256-FIDO',
    'RSA-SHA2-384', 'DSA-SHA2-384', 'ECDSA-SHA2-384',
    'RSA-SHA2-512', 'DSA-SHA2-512', 'ECDSA-SHA2-512',
    'RSA-SHA3-224', 'DSA-SHA3-224', 'ECDSA-SHA3-224',
    'RSA-SHA3-256', 'DSA-SHA3-256', 'ECDSA-SHA3-256',
    'RSA-SHA3-384', 'DSA-SHA3-384', 'ECDSA-SHA3-384',
    'RSA-SHA3-512', 'DSA-SHA3-512', 'ECDSA-SHA3-512',
    'EDDSA-ED25519', 'EDDSA-ED25519-FIDO', 'EDDSA-ED448',
    'RSA-PSS-SHA1', 'RSA-PSS-SHA2-224', 'RSA-PSS-SHA2-256',
    'RSA-PSS-SHA2-384', 'RSA-PSS-SHA2-512',
    'RSA-PSS-RSAE-SHA1', 'RSA-PSS-RSAE-SHA2-224', 'RSA-PSS-RSAE-SHA2-256',
    'RSA-PSS-RSAE-SHA2-384', 'RSA-PSS-RSAE-SHA2-512',
    'RSA-PSS-SHA3-224', 'RSA-PSS-SHA3-256',
    'RSA-PSS-SHA3-384', 'RSA-PSS-SHA3-512',
    'RSA-PSS-RSAE-SHA3-256', 'RSA-PSS-RSAE-SHA3-384',
    'RSA-PSS-RSAE-SHA3-512',
    'ECDSA-BRAINPOOLP256-SHA2-256',
    'ECDSA-BRAINPOOLP384-SHA2-384',
    'ECDSA-BRAINPOOLP512-SHA2-512',
    'GOSTR341012-512', 'GOSTR341012-256', 'GOSTR341001',
    *EXPERIMENTAL_SIGN,
)

ALL_KEY_EXCHANGES = (
    'PSK', 'DHE-PSK', 'ECDHE-PSK', 'RSA-PSK', 'ECDHE', 'RSA',
    'DHE', 'DHE-RSA', 'DHE-DSS', 'EXPORT', 'ANON', 'DH', 'ECDH',
    'VKO-GOST-2001', 'VKO-GOST-2012', 'VKO-GOST-KDF',
    'DHE-GSS', 'ECDHE-GSS',
    'KEM-ECDH', 'SNTRUP',
)

# Order matters, see preprocess_text
TLS_PROTOCOLS = ('TLS1.3', 'TLS1.2', 'TLS1.1', 'TLS1.0', 'SSL3.0', 'SSL2.0')
DTLS_PROTOCOLS = ('DTLS1.2', 'DTLS1.0', 'DTLS0.9')
IKE_PROTOCOLS = ('IKEv2', 'IKEv1')
ALL_PROTOCOLS = TLS_PROTOCOLS + DTLS_PROTOCOLS + IKE_PROTOCOLS

ALL = {
    'cipher': ALL_CIPHERS,
    'group': ALL_GROUPS,
    'hash': ALL_HASHES,
    'key_exchange': ALL_KEY_EXCHANGES,
    'mac': ALL_MACS,
    'protocol': ALL_PROTOCOLS,
    'sign': ALL_SIGN,
}

EXPERIMENTAL = {
    'group': EXPERIMENTAL_GROUPS,
    'sign': EXPERIMENTAL_SIGN,
}


def glob(pattern, alg_class):
    """
    Lists algorithms matching a glob, in order of appearance in ALL[alg_class].
    For more examples, refer to tests/unit/parsing/test_alg_lists.py
    >>> glob('RC4-*', 'cipher')
    ['RC4-40', 'RC4-128']
    """
    if alg_class not in ALL:
        raise validation.alg_lists.AlgorithmClassUnknownError(alg_class)

    r = fnmatch.filter(ALL[alg_class], pattern)

    if alg_class in EXPERIMENTAL:
        experimental_values = [v for v in r if v in EXPERIMENTAL[alg_class]]
        if experimental_values:
            warnings.warn(validation.alg_lists.ExperimentalValueWarning(
                alg_class, experimental_values,
            ))

    if not r:
        raise validation.alg_lists.AlgorithmEmptyMatchError(pattern, alg_class)
    return r


def earliest_occurrence(needles, ordered_haystack):
    """
    >>> earliest_occurrence('test', 'abcdefghijklmnopqrstuvwxyz')
    'e'
    """
    intersection = [n for n in needles if n in ordered_haystack]
    if not intersection:
        return None
    indices = (ordered_haystack.index(n) for n in intersection)
    return ordered_haystack[min(indices)]


def min_tls_version(versions):
    """
    >>> min_tls_version(['SSL3.0', 'TLS1.2'])
    'SSL3.0'
    """
    return earliest_occurrence(versions, TLS_PROTOCOLS[::-1])


def min_dtls_version(versions):
    """
    >>> min_dtls_version(['DTLS1.2', 'DTLS1.0'])
    'DTLS1.0'
    """
    return earliest_occurrence(versions, DTLS_PROTOCOLS[::-1])


def max_tls_version(versions):
    """
    >>> max_tls_version(['SSL3.0', 'TLS1.2'])
    'TLS1.2'
    """
    return earliest_occurrence(versions, TLS_PROTOCOLS)


def max_dtls_version(versions):
    """
    >>> max_dtls_version(['DTLS1.2', 'DTLS1.0'])
    'DTLS1.2'
    """
    return earliest_occurrence(versions, DTLS_PROTOCOLS)

crypto-policies-20251128.git19878fe/python/cryptopolicies/cryptopolicies.py
# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import collections
import enum
import fnmatch
import functools
import operator
import os
import re
import warnings

from . import (
    alg_lists,
    validation,  # moved out of the way to not obscure the flow
)

# Dunder (underscore-prefixed) options are ones
# we don't advertise for direct usage, specific to a narrow set of policies.
# We'd rather have users build up upon policies we ship that set them.

# Defaults of integer property values (doubles as an allowlist)

INT_DEFAULTS = dict.fromkeys((
    'arbitrary_dh_groups',
    'min_dh_size',
    'min_dsa_size',
    'min_rsa_size',
    'sha1_in_certs',
    'ssh_certs',
), 0) | {
    'min_ec_size': 256,
    '__openssl_block_sha1_signatures': 1,  # all but the LEGACY and SHA1 now
}


# For enum values, first value works as default,

ENUMS = {
    'etm': ('ANY', 'DISABLE_ETM', 'DISABLE_NON_ETM'),
    '__ems': ('DEFAULT', 'ENFORCE', 'RELAX'),  # FIPS/NO-ENFORCE-EMS
}


# Scopes (`@!ipsec`) and matching them

SCOPE_ANY = '*'

ALL_SCOPES = (  # defined explicitly to catch typos / globbing nothing
    'tls', 'ssl', 'openssl', 'gnutls', 'java-tls',
    'nss', 'nss-tls',
    'pkcs12', 'pkcs12-import', 'nss-pkcs12', 'nss-pkcs12-import',
    'smime', 'smime-import', 'nss-smime', 'nss-smime-import',
    'ssh', 'openssh', 'openssh-server', 'openssh-client', 'libssh',
    'ipsec', 'ike', 'libreswan',
    'kerberos', 'krb5',
    'dnssec', 'bind',
    'sequoia', 'rpm', 'rpm-sequoia',
)
DUMPABLE_SCOPES = {  # TODO: fix duplication, backends specify same things
    # scope we dump under: (relative parent scope, set of scopes applied)
    'bind': (None, {'bind', 'dnssec'}),
    'gnutls': (None, {'gnutls', 'tls', 'ssl'}),
    'java-tls': (None, {'java-tls', 'tls', 'ssl'}),
    'krb5': (None, {'krb5', 'kerberos'}),
    'libreswan': (None, {'ipsec', 'ike', 'libreswan'}),
    'libssh': (None, {'libssh', 'ssh'}),
    'nss': (None, {'nss'}),
    'nss-tls': ('nss', {'nss', 'nss-tls', 'tls', 'ssl'}),
    'nss-pkcs12': ('nss', {'nss', 'pkcs12', 'nss-pkcs12'}),
    'nss-pkcs12-import': ('nss-pkcs12', {'nss', 'pkcs12', 'pkcs12-import',
                                         'nss-pkcs12', 'nss-pkcs12-import'}),
    'nss-smime': ('nss', {'nss', 'smime', 'nss-smime'}),
    'nss-smime-import': ('nss-smime', {'nss', 'smime', 'smime-import',
                                       'nss-smime', 'nss-smime-import'}),
    'openssh': (None, {'openssh', 'ssh'}),
    'openssh-client': ('openssh', {'openssh-client', 'openssh', 'ssh'}),
    'openssh-server': ('openssh', {'openssh-server', 'openssh', 'ssh'}),
    'openssl': (None, {'openssl', 'tls', 'ssl'}),
    'sequoia': (None, {'sequoia'}),
    'rpm': (None, {'rpm', 'rpm-sequoia'}),
}


class ScopeSelector:
    def __init__(self, pattern=SCOPE_ANY):
        """
        Initialize a scope selector.
        An example would be `ssh` in `ciphers@ssh = -NULL`.
        When openssh backend will request the configuration,
        it'll offer (`{'ssh', 'openssh'}`) as scopes
        and the rule above will be taken into account.
        Both patterns and scopes are cast to lowercase.
        For more examples, refer to tests/unit/parsing/test_scope_selector.py
        >>> ss = ScopeSelector('!{SSH,IPsec}')
        >>> ss.matches({'ipsec', 'libreswan'})
        False
        >>> ss.matches({'tls', 'openssl'})
        True
        """
        self.pattern = pattern = pattern.lower()
        self._positive = not pattern.startswith('!')
        p = pattern if self._positive else pattern[1:]

        validation.scope.illegal_characters(p, original_pattern=self.pattern)
        validation.scope.curly_brackets(p, original_pattern=self.pattern)

        self._globs = p[1:-1].split(',') if p.startswith('{') else [p]

        validation.scope.resulting_globs(self._globs, ALL_SCOPES,
                                         original_pattern=self.pattern)

    def __str__(self):
        return f''

    def matches(self, scopes):
        """
        Checks whether ScopeSelector matches one of the scopes.
        For more examples, refer to tests/unit/parsing/test_scope_selector.py
        >>> ScopeSelector('{SSH,IPsec}').matches({'ipsec', 'libreswan'})
        True
        >>> ScopeSelector('!{SSH,IPsec}').matches({'ipsec', 'libreswan'})
        False
        """
        if self.pattern == SCOPE_ANY:  # matches even an empty set
            return True
        scopes = [s.lower() for s in scopes]
        assert all(s in ALL_SCOPES for s in scopes)  # supplied by backends
        if self._positive:
            return any(fnmatch.filter(scopes, g) for g in self._globs)
        return all(not fnmatch.filter(scopes, g) for g in self._globs)


# Operations: interpreting right hand sides of (sub)policy files

class Operation(enum.Enum):
    """An operation that comes with the right-hand value of the directive."""

    RESET = 1  # cipher =
    PREPEND = 2  # cipher = +NULL
    APPEND = 3  # cipher = NULL+
    OMIT = 4  # cipher = -NULL
    SET_INT = 5  # sha1_in_certs = 0; setting to something that's all digits
    SET_ENUM = 6  # __ems = ENFORCE

    def __repr__(self):  # to unify the output between Python versions
        return f'Operation.{self.name}'


def parse_rhs(rhs, prop_name):
    """
    Parses right-hand parts of the directives
    into lists of operation/value pairs.
    For more examples, refer to tests/unit/test_parsing.py
    >>> parse_rhs('', 'cipher')
    [(Operation.RESET, None)]
    >>> parse_rhs('IDEA-CBC SEED-CBC', 'cipher')
    [(Operation.RESET, None),
     (Operation.APPEND, 'IDEA-CBC'),
     (Operation.APPEND, 'SEED-CBC')]
    >>> # 3DES-CBC gets prepended last for higher prio
    >>> parse_rhs('+*DES-CBC', 'cipher')
    [(Operation.PREPEND, 'DES-CBC'),
     (Operation.PREPEND, '3DES-CBC')]
    >>> parse_rhs('ENFORCE', '__ems')
    [(Operation.SET_ENUM, 'ENFORCE')]
    """
    def differential(v):
        return v.startswith(('+', '-')) or v.endswith('+')

    if rhs.isdigit():
        if prop_name not in alg_lists.ALL and prop_name in INT_DEFAULTS:
            return [(Operation.SET_INT, int(rhs))]
        if prop_name in alg_lists.ALL or prop_name in ENUMS:
            raise validation.rules.NonIntPropertyIntValueError(prop_name)
        assert prop_name not in alg_lists.ALL
        assert prop_name not in INT_DEFAULTS
        assert prop_name not in ENUMS
        # pass for now, it's gonna be caught as non-existing algclass
    else:
        if prop_name in INT_DEFAULTS:
            raise validation.rules.IntPropertyNonIntValueError(prop_name)
        if prop_name in ENUMS:
            if rhs not in ENUMS[prop_name]:
                raise validation.rules.BadEnumValueError(prop_name, rhs,
                                                         ENUMS[prop_name])
            return [(Operation.SET_ENUM, rhs)]

    values = rhs.split()

    if not any(differential(v) for v in values):  # Setting something anew
        values = [x for v in values for x in alg_lists.glob(v, prop_name)]
        return ([(Operation.RESET, None)]
                + [(Operation.APPEND, v) for v in values])
    if all(differential(v) for v in values):  # Modifying an existing list
        operations = []
        for value in values:
            if value.startswith('+'):
                op = Operation.PREPEND
                unglob = alg_lists.glob(value[1:], prop_name)[::-1]
            elif value.endswith('+'):
                op = Operation.APPEND
                unglob = alg_lists.glob(value[:-1], prop_name)[::-1]
            else:
                assert value.startswith('-')
                op = Operation.OMIT
                unglob = alg_lists.glob(value[1:], prop_name)
            operations.extend([(op, v) for v in unglob])
        return operations
    # Forbidden to mix them on one line
    raise validation.rules.MixedDifferentialNonDifferentialError(rhs)


# Directives: interpreting lines of (sub)policy files

Directive = collections.namedtuple('Directive', (
    'prop_name', 'scope', 'operation', 'value',
))


def parse_line(line):
    """
    Parses configuration lines into tuples of directives.
    For more examples, refer to tests/unit/test_parsing.py
    >>> parse_line('cipher@TLS = RC4* NULL')
    [Directive(prop_name='cipher', scope='tls',
               operation=Operation.RESET, value=None),
     Directive(prop_name='cipher', scope='tls',
               operation=Operation.APPEND, value='RC4-40'),
     Directive(prop_name='cipher', scope='tls',
               operation=Operation.APPEND, value='RC4-128'),
     Directive(prop_name='cipher', scope='tls',
               operation=Operation.APPEND, value='NULL')]
    """
    if not line.strip():
        return []
    validation.rules.count_equals_signs(line)

    lhs, rhs = line.split('=')
    lhs, rhs = lhs.strip(), rhs.strip()
    validation.rules.empty_lhs(lhs, line)

    prop_name, scope = lhs.split('@', 1) if '@' in lhs else (lhs, SCOPE_ANY)

    return [Directive(prop_name=prop_name, scope=scope.lower(),
                      operation=operation, value=value)
            for operation, value in parse_rhs(rhs, prop_name)]


def syntax_check_line(line, warn=False):
    try:
        l = parse_line(line)
        for d in l:
            ScopeSelector(d.scope)  # attempt parsing
    except validation.PolicySyntaxError as ex:
        if not warn:
            raise
        warnings.warn(ex)


class PolicySyntaxDeprecationWarning(FutureWarning, validation.PolicyWarning):
    def __init__(self, deprecated, replacement, what='option', onetoone=False):
        replacement = replacement.replace('\n', ' and ')
        msg = f'{what} {deprecated} is deprecated'
        msg += f', please rewrite your rules using {replacement}'
        if not onetoone:
            msg += '; be advised that it is not always a 1-1 replacement'
        super().__init__(msg)


def preprocess_text(text):
    r"""
    Preprocesses text before parsing.
    Fixes line breaks, handles backwards compatibility.
    >>> preprocess_text('cipher = c1 \\ \nc2#x')
    'cipher = c1 c2'
    >>> with warnings.catch_warnings():
    ...     warnings.simplefilter("ignore")
    ...     preprocess_text('ike_protocol = IKEv2')
    'protocol@IKE = IKEv2'
    >>> with warnings.catch_warnings():
    ...     warnings.simplefilter("ignore")
    ...     preprocess_text('min_tls_version=TLS1.3')
    'protocol@TLS = -SSL2.0 -SSL3.0 -TLS1.0 -TLS1.1 -TLS1.2'
    """
    magic_comments = {
        '# %suppress_experimental_value_warnings=true',
        '# %suppress_experimental_value_warnings=false',
    }
    text = re.sub(r'#.*',
                  lambda s: s.group(0) if s.group(0) in magic_comments else '',
                  text)
    text = text.replace('=', ' = ')
    text = '\n'.join(l.strip() for l in text.split('\n'))
    text = text.replace('\\\n', '')
    text = '\n'.join(l.strip() for l in text.split('\n'))
    text = '\n'.join(re.sub(r'\s+', ' ', l) for l in text.split('\n'))
    text = re.sub('\n+', '\n', text).strip()

    if re.findall(r'\bprotocol\s*=', text):
        warnings.warn(PolicySyntaxDeprecationWarning('protocol',
                                                     'protocol@TLS'))

    POSTFIX_REPLACEMENTS = {
        'tls_cipher': 'cipher@TLS',
        'ssh_cipher': 'cipher@SSH',
        'ssh_group': 'group@SSH',
        'ike_protocol': 'protocol@IKE',
    }
    for fr, to in POSTFIX_REPLACEMENTS.items():
        regex = r'\b' + fr + r'\s*=(.*)'
        ms = re.findall(regex, text)
        if ms:
            warnings.warn(PolicySyntaxDeprecationWarning(fr, to))
        text = re.sub(regex, '', text)
        for m in ms:
            text += f'\n\n{to} ={m}'
    text = re.sub('\n+', '\n', text).strip()

    PLAIN_REPLACEMENTS = {
        'sha1_in_dnssec = 0':
            'hash@DNSSec = -SHA1\nsign@DNSSec = -RSA-SHA1 -ECDSA-SHA1',
        'sha1_in_dnssec = 1':
            'hash@DNSSec = SHA1+\nsign@DNSSec = RSA-SHA1+ ECDSA-SHA1+',
        'ssh_etm = 0': 'etm@SSH = DISABLE_ETM',
        'ssh_etm = 1': 'etm@SSH = ANY',
        'ssh_etm@([^= ]+) = 0': 'etm@\\1 = DISABLE_ETM',
        'ssh_etm@([^= ]+) = 1': 'etm@\\1 = ANY',
    }
    for fr, to in PLAIN_REPLACEMENTS.items():
        regex = r'\b' + fr + r'\b'
        matches = {}
        for match in re.finditer(regex, text):
            matches[match.group(0)] = re.sub(regex, to, match.group(0))
        for match_fr, match_to in matches.items():
            warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to))
        text = re.sub(regex, to, text)

    VALUE_REPLACEMENTS = {
        'X25519-MLKEM768': 'MLKEM768-X25519',  # RHEL-99813
    }
    for fr, to in VALUE_REPLACEMENTS.items():
        regex = r'\b' + fr + r'\b'
        matches = {}
        for match in re.finditer(regex, text):
            matches[match.group(0)] = re.sub(regex, to, match.group(0))
        for match_fr, match_to in matches.items():
            warnings.warn(PolicySyntaxDeprecationWarning(match_fr, match_to,
                                                         what='value',
                                                         onetoone=True))
        text = re.sub(regex, to, text)

    dtls_versions = list(alg_lists.DTLS_PROTOCOLS[::-1])
    while dtls_versions:
        neg = " ".join("-" + v for v in dtls_versions[:-1])
        text = re.sub(r'\bmin_dtls_version = ' + dtls_versions[-1] + r'\b',
                      f'protocol@TLS = {neg}' if neg else '', text)
        dtls_versions.pop()
    text = re.sub(r'\bmin_dtls_version = 0\b', '', text)

    tls_versions = list(alg_lists.TLS_PROTOCOLS[::-1])
    while tls_versions:
        neg = " ".join("-" + v for v in tls_versions[:-1])
        text = re.sub(r'\bmin_tls_version = ' + tls_versions[-1] + r'\b',
                      f'protocol@TLS = {neg}' if neg else '', text)
        tls_versions.pop()
    return re.sub(r'\bmin_tls_version = 0\b', '', text)


# Finally, constructing a policy

class ScopedPolicy:
    """
    An entity constructing lists of what's `.enabled` and what's `.disabled`
    when the given scopes are active.
    >>> sp = ScopedPolicy(parse_line('cipher@TLS = RC4* NULL'), {'tls'})
    >>> 'AES-192-GCM' in sp.disabled['cipher']
    True
    >>> sp.enabled['cipher']
    ['RC4-40', 'RC4-128', 'NULL']
    >>> ScopedPolicy(parse_line('min_dh_size=2048')).integers['min_dh_size']
    2048
    """

    def __init__(self, directives, relevant_scopes=None):
        relevant_scopes = relevant_scopes or set()
        self.integers = INT_DEFAULTS.copy()
        self.enums = {k: v[0] for k, v in ENUMS.items()}
        self.enabled = {prop_name: [] for prop_name in alg_lists.ALL}

        for directive in directives:
            # TODO: validate that the target exists
            ss = ScopeSelector(directive.scope)
            if ss.matches(relevant_scopes):
                if directive.operation == Operation.RESET:
                    self.enabled[directive.prop_name] = []
                elif directive.operation == Operation.APPEND:
                    enabled = self.enabled[directive.prop_name]
                    if directive.value not in enabled:
                        enabled.append(directive.value)
                elif directive.operation == Operation.PREPEND:
                    enabled = self.enabled[directive.prop_name]
                    # in case of duplicates, remove the latter, lower-prio ones
                    if directive.value in enabled:
                        enabled.remove(directive.value)
                    enabled.insert(0, directive.value)
                elif directive.operation == Operation.OMIT:
                    self.enabled[directive.prop_name] = [
                        e for e in self.enabled[directive.prop_name]
                        if e != directive.value
                    ]
                elif directive.operation == Operation.SET_INT:
                    self.integers[directive.prop_name] = directive.value
                else:
                    assert directive.operation == Operation.SET_ENUM
                    self.enums[directive.prop_name] = directive.value
        assert len(self.enabled) == len(set(self.enabled))

        self.disabled = {prop_name: [e for e in alg_list
                                     if e not in self.enabled[prop_name]]
                         for prop_name, alg_list in alg_lists.ALL.items()}

    @property
    def min_tls_version(self):
        return alg_lists.min_tls_version(self.enabled['protocol'])

    @property
    def max_tls_version(self):
        return alg_lists.max_tls_version(self.enabled['protocol'])

    @property
    def min_dtls_version(self):
        return alg_lists.min_dtls_version(self.enabled['protocol'])

    @property
    def max_dtls_version(self):
        return alg_lists.max_dtls_version(self.enabled['protocol'])


# Locating policy files

def lookup_file(policyname, fname, paths):
    for d in paths:
        p = os.path.join(d, fname)
        if os.access(p, os.R_OK):
            return p
    raise validation.PolicyFileNotFoundError(policyname, fname, paths)


# main class

class UnscopedCryptoPolicy:
    CONFIG_DIR = '/etc/crypto-policies'
    SHARE_DIR = '/usr/share/crypto-policies'

    def __init__(self, policy_name, *subpolicy_names, policydir=None):
        self.policydir = policydir
        self.policyname = ':'.join((policy_name, *subpolicy_names))

        self.lines = []

        directives = self.read_policy_file(policy_name)
        for subpolicy_name in subpolicy_names:
            directives += self.read_policy_file(subpolicy_name, subpolicy=True)
        self._directives = directives

    def is_empty(self):
        return not self._directives

    def scoped(self, scopes=None):
        return ScopedPolicy(self._directives, scopes or {})

    @staticmethod
    def _for_in_lines_expwarn(lines, func):
        warn_on_experimental = True  # reset between invocations
        ExpValWarning = validation.alg_lists.ExperimentalValueWarning
        r = []
        for l in lines:
            if l == '# %suppress_experimental_value_warnings = true':
                warn_on_experimental = False
            elif l == '# %suppress_experimental_value_warnings = false':
                warn_on_experimental = True
            elif warn_on_experimental:
                r.append(func(l))
            else:
                with warnings.catch_warnings(append=True):
                    warnings.filterwarnings('ignore', category=ExpValWarning)
                    r.append(func(l))
        return r

    def read_policy_file(self, name, subpolicy=False):
        pdir = self.policydir or 'policies'
        if subpolicy:
            pdir = os.path.join(pdir, 'modules')
        p = lookup_file(name, name + ('.pol' if not subpolicy else '.pmod'), (
            os.path.curdir,
            pdir,
            os.path.join(self.CONFIG_DIR, pdir),
            os.path.join(self.SHARE_DIR, pdir),
        ))  # TODO: error handling
        with open(p, encoding='utf-8') as f:
            text = f.read()
        text = preprocess_text(text)
        lines = text.split('\n')
        # display several warnings at once, if there are any
        self._for_in_lines_expwarn(lines,
                                   lambda l: syntax_check_line(l, warn=True))
        # crash, if there are any
        self._for_in_lines_expwarn(lines, syntax_check_line)
        # return [x for l in lines for x in parse_line(l)],  # noqa: ERA001
        # but with configurable experimental value warnings suppression
        r = self._for_in_lines_expwarn(lines, parse_line)
        return functools.reduce(operator.iadd, r)

    def __str__(self):
        def fmt(key, value):
            s = ' '.join(value) if isinstance(value, list) else str(value)
            return f'{key} = {s}'.rstrip() + '\n'

        generic_scoped = self.scoped()
        s = f'# Policy {self.policyname} dump\n'
        s += '#\n'
        s += '# Do not parse the contents of this file with automated tools,\n'
        s += '# it is provided for review convenience only.\n'
        s += '#\n'
        s += '# Baseline values for all scopes:\n'
        generic_all = {**generic_scoped.enabled,
                       **generic_scoped.integers,
                       **generic_scoped.enums}
        for prop_name, value in generic_all.items():
            s += fmt(prop_name, value)
        anything_scope_specific = False
        for scope_name, (parent_scope, scope_set) in DUMPABLE_SCOPES.items():
            specific_scoped = self.scoped(scopes=scope_set)
            specific_all = {**specific_scoped.enabled,
                            **specific_scoped.integers,
                            **specific_scoped.enums}
            if parent_scope is not None:
                _, parent_scope_set = DUMPABLE_SCOPES[parent_scope]
                parent_scoped = self.scoped(scopes=parent_scope_set)
                parent_all = {**parent_scoped.enabled,
                              **parent_scoped.integers,
                              **parent_scoped.enums}
            else:
                parent_scoped, parent_all = generic_scoped, generic_all
            for prop_name, value in specific_all.items():
                if value != parent_all[prop_name]:
                    if not anything_scope_specific:
                        s += ('# Scope-specific properties '
                              'derived for select backends:\n')
                        anything_scope_specific = True
                    s += fmt(f'{prop_name}@{scope_name}', value)
        if not anything_scope_specific:
            s += '# No scope-specific properties found.\n'
        return s
crypto-policies-20251128.git19878fe/python/cryptopolicies/validation/__init__.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2021 Red Hat, Inc.

from . import alg_lists, rules, scope
from .general import PolicyFileNotFoundError, PolicySyntaxError, PolicyWarning

__all__ = [
    'PolicyFileNotFoundError',
    'PolicySyntaxError',
    'PolicyWarning',
    'alg_lists',
    'rules',
    'scope',
]

crypto-policies-20251128.git19878fe/python/cryptopolicies/validation/alg_lists.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2021 Red Hat, Inc.

from .general import PolicySyntaxError, PolicyWarning


class AlgorithmClassSyntaxError(PolicySyntaxError):
    pass


class AlgorithmClassUnknownError(AlgorithmClassSyntaxError):
    def __init__(self, alg_class):
        # The wording follows the previous versions
        super().__init__(f'Unknown policy property: `{alg_class}`')


class AlgorithmEmptyMatchError(AlgorithmClassSyntaxError):
    def __init__(self, glob, alg_class):
        # The wording follows the previous versions
        super().__init__(f'Bad value of policy property `{alg_class}`: '
                         f'`{glob}`')


class ExperimentalValueWarning(PolicyWarning):
    def __init__(self, alg_class, values):
        msg = f'`{alg_class}` '
        if len(values) == 1:
            msg += f'value `{values[0]}` is '
        else:
            msg += f'values {", ".join(f"`{value}`" for value in values)} are '
        msg += 'experimental and might go away in the future'
        super().__init__(msg)

crypto-policies-20251128.git19878fe/python/cryptopolicies/validation/general.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2021 Red Hat, Inc.

class PolicyWarning(UserWarning):
    pass


class PolicySyntaxError(ValueError, PolicyWarning):
    pass


class PolicyFileNotFoundError(FileNotFoundError):
    def __init__(self, pname, fname, paths):
        super().__init__(f'Unknown policy `{pname}`: '
                         f'file `{fname}` not found in ({", ".join(paths)})')

crypto-policies-20251128.git19878fe/python/cryptopolicies/validation/rules.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2021 Red Hat, Inc.

from .general import PolicySyntaxError


class MalformedLineError(PolicySyntaxError):
    def __init__(self, line):
        super().__init__(f'malformed line `{line}`')


class MixedDifferentialNonDifferentialError(PolicySyntaxError):
    def __init__(self, rhs):
        super().__init__('cannot initialize list and modify it at once '
                         f'(`{rhs}`)')


class IntPropertyNonIntValueError(PolicySyntaxError):
    def __init__(self, int_property_name):
        # wording follows previous versions
        super().__init__(f'Bad value of policy property `{int_property_name}`:'
                         ' value must be an integer')


class NonIntPropertyIntValueError(PolicySyntaxError):
    def __init__(self, alg_class):
        # wording follows previous versions
        super().__init__(f'Bad value of policy property `{alg_class}`:'
                         ' value must not be an integer')


class BadEnumValueError(PolicySyntaxError):
    def __init__(self, enum_name, value, acceptable_values):
        super().__init__(f'Bad value of policy property `{enum_name}`:'
                         f' {value}; must be one of {acceptable_values}')


def count_equals_signs(line):
    if line.count('=') != 1:
        raise MalformedLineError(line)


def empty_lhs(lhs, line):
    if not lhs:
        raise MalformedLineError(line)

crypto-policies-20251128.git19878fe/python/cryptopolicies/validation/scope.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2021 Red Hat, Inc.

import fnmatch

from .general import PolicySyntaxError


class ScopeSyntaxError(PolicySyntaxError):
    pass


class ScopeUnknownError(ScopeSyntaxError):
    def __init__(self, scope_glob):
        super().__init__(f'unknown scope {scope_glob}')


class ScopeSelectorEmptyError(ScopeSyntaxError):
    def __init__(self):
        super().__init__('empty scope selector')


class ScopeSelectorIllegalCharacterError(ScopeSyntaxError):
    def __init__(self, selector):
        super().__init__(f'illegal character in scope selector `{selector}`')


class ScopeSelectorCurlyBracketsError(ScopeSyntaxError):
    def __init__(self, pattern):
        super().__init__(f'unsupported curly brackets usage in `{pattern}`')


class ScopeSelectorCommaError(ScopeSyntaxError):
    def __init__(self, pattern):
        super().__init__(f'unsupported comma usage in `{pattern}`')


class ScopeSelectorMatchedNothingError(ScopeSyntaxError):
    def __init__(self, pattern):
        super().__init__(f'scope selector `{pattern}` matches no scope')


def illegal_characters(p, original_pattern):
    if not all(c.isalnum() or c in '{,}*_-' for c in p):
        raise ScopeSelectorIllegalCharacterError(original_pattern)


def curly_brackets(p, original_pattern):
    if ((p.count('{'), p.count('}')) not in {(0, 0), (1, 1)}
            or (p.startswith('{') and not p.endswith('}'))
            or (not p.startswith('{') and p.endswith('}'))):
        raise ScopeSelectorCurlyBracketsError(original_pattern)


def resulting_globs(globs, all_scopes, original_pattern):
    if any(',' in g for g in globs):
        raise ScopeSelectorCommaError(original_pattern)
    for g in globs:
        if not g:
            raise ScopeSelectorEmptyError
        if not fnmatch.filter(all_scopes, g):
            if '*' in g:
                raise ScopeSelectorMatchedNothingError(g)
            raise ScopeUnknownError(g)

crypto-policies-20251128.git19878fe/python/policygenerators/__init__.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

from .bind import BindGenerator
from .gnutls import GnuTLSGenerator
from .java import JavaGenerator
from .krb5 import KRB5Generator
from .libreswan import LibreswanGenerator
from .libssh import LibsshGenerator
from .nss import NSSGenerator
from .openssh import OpenSSHClientGenerator, OpenSSHServerGenerator
from .openssl import OpenSSLFIPSGenerator, OpenSSLGenerator
from .sequoia import RPMSequoiaGenerator, SequoiaGenerator

__all__ = [
    'BindGenerator',
    'GnuTLSGenerator',
    'JavaGenerator',
    'KRB5Generator',
    'LibreswanGenerator',
    'LibsshGenerator',
    'NSSGenerator',
    'OpenSSHClientGenerator',
    'OpenSSHServerGenerator',
    'OpenSSLFIPSGenerator',
    'OpenSSLGenerator',
    'RPMSequoiaGenerator',
    'SequoiaGenerator',
]

crypto-policies-20251128.git19878fe/python/policygenerators/bind.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import os
from subprocess import CalledProcessError, check_output
from tempfile import mkstemp

from .configgenerator import ConfigGenerator


class BindGenerator(ConfigGenerator):
    CONFIG_NAME = 'bind'
    RELOAD_CMD = ('systemctl try-reload-or-restart bind.service 2>/dev/null '
                  '|| :\n')

    sign_not_map = {
        'DSA-SHA1': ('DSA', 'NSEC3DSA'),
        'RSA-SHA1': ('RSASHA1', 'NSEC3RSASHA1'),
        'RSA-SHA2-256': ('RSASHA256',),
        'RSA-SHA2-512': ('RSASHA512',),
        'GOSTR341001': ('ECCGOST',),
        'ECDSA-SHA2-256': ('ECDSAP256SHA256',),  # + custom handling below
        'ECDSA-SHA2-384': ('ECDSAP384SHA384',),  # + custom handling below
        'EDDSA-ED25519': ('ED25519',),
        'EDDSA-ED448': ('ED448',),
    }

    hash_not_map = {
        'SHA1': 'SHA-1',
        'SHA2-256': 'SHA-256',
        'SHA2-384': 'SHA-384',
        'GOSTR94': 'GOST',
    }

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'dnssec', 'bind'})
        ip = policy.disabled

        s = ''
        s += 'disable-algorithms "." {\n'
        s += 'RSAMD5;\n'  # deprecated, disabled unconditionally
        for i in ip['sign']:
            try:
                for disabled_sign in cls.sign_not_map[i]:
                    s += f'{disabled_sign};\n'
            except KeyError:
                pass
        if 'ECDSA-SHA2-256' not in ip['sign'] and 'SECP256R1' in ip['group']:
            s += 'ECDSAP256SHA256;\n'  # additionally disabled on lack of P-256
        if 'ECDSA-SHA2-384' not in ip['sign'] and 'SECP384R1' in ip['group']:
            s += 'ECDSAP384SHA384;\n'  # additionally disabled on lack of P-384
        s += '};\n'

        s += 'disable-ds-digests "." {\n'
        for i in ip['hash']:
            try:
                s += f'{cls.hash_not_map[i]};\n'
            except KeyError:
                pass
        s += '};\n'
        return s

    @classmethod
    def test_config(cls, config):
        fd, path = mkstemp()

        try:
            with os.fdopen(fd, 'w') as f:
                f.write('options {\n')
                f.write(config)
                f.write('\n};\n')
            try:
                _ = check_output(['/usr/sbin/named-checkconf', path])
            except CalledProcessError:
                cls.eprint('There is an error in bind generated policy')
                cls.eprint(f'Policy:\n{config}')
                return False
            except OSError:
                # Ignore missing check command
                pass
        finally:
            os.unlink(path)
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/configgenerator.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import sys


class ConfigGenerator:
    RELOAD_CMD = ''

    @staticmethod
    def append(s, val, sep=':'):
        if s:
            if val:
                return s + sep + val
            return s
        return val

    @staticmethod
    def eprint(*args, **kwargs):
        print(*args, file=sys.stderr, **kwargs)

crypto-policies-20251128.git19878fe/python/policygenerators/gnutls.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz
#
# This generator targets GnuTLS with allowlisting support (newer than 3.7.2)

import os
import textwrap
from subprocess import CalledProcessError, call
from tempfile import mkstemp

from .configgenerator import ConfigGenerator


class GnuTLSGenerator(ConfigGenerator):
    CONFIG_NAME = 'gnutls'

    mac_map = {
        'AEAD': 'AEAD',
        'HMAC-SHA1': 'SHA1',
        'HMAC-MD5': 'MD5',
        'HMAC-SHA2-256': None,  # not allowlisted over concerns that
        'HMAC-SHA2-384': None,  # implementation might be vulnerable to Lucky13
        # https://gitlab.com/gnutls/gnutls/-/issues/503
        'HMAC-SHA2-512': 'SHA512',
    }

    hash_map = {
        'AEAD': 'AEAD',
        'SHA1': 'SHA1',
        'MD5': 'MD5',
        'SHA2-224': 'SHA224',
        'SHA2-256': 'SHA256',
        'SHA2-384': 'SHA384',
        'SHA2-512': 'SHA512',
        'SHA3-224': 'SHA3-224',
        'SHA3-256': 'SHA3-256',
        'SHA3-384': 'SHA3-384',
        'SHA3-512': 'SHA3-512',
        'SHAKE-128': 'SHAKE-128',
        'SHAKE-256': 'SHAKE-256',
    }

    group_map = {
        'X448': 'GROUP-X448',
        'X25519': 'GROUP-X25519',
        'SECP256R1': 'GROUP-SECP256R1',
        'SECP384R1': 'GROUP-SECP384R1',
        'SECP521R1': 'GROUP-SECP521R1',
        'FFDHE-6144': 'GROUP-FFDHE6144',
        'FFDHE-2048': 'GROUP-FFDHE2048',
        'FFDHE-3072': 'GROUP-FFDHE3072',
        'FFDHE-4096': 'GROUP-FFDHE4096',
        'FFDHE-8192': 'GROUP-FFDHE8192',
        'MLKEM768-X25519': 'GROUP-X25519-MLKEM768',
        'P256-MLKEM768': 'GROUP-SECP256R1-MLKEM768',
        'P384-MLKEM1024': 'GROUP-SECP384R1-MLKEM1024',
    }

    group_curve_map = {
        'X448': 'X448',
        'X25519': 'X25519',
        'SECP224R1': 'SECP224R1',
        'SECP256R1': 'SECP256R1',
        'SECP384R1': 'SECP384R1',
        'SECP521R1': 'SECP521R1',
        'MLKEM768-X25519': 'X25519',
        'P256-MLKEM768': 'SECP256R1',
        'P384-MLKEM1024': 'SECP384R1',
    }

    sign_curve_map = {
        'EDDSA-ED448': 'Ed448',
        'EDDSA-ED25519': 'Ed25519',
    }

    sign_map = {
        'RSA-MD5': ['RSA-MD5'],
        'RSA-SHA1': ['RSA-SHA1'],
        'DSA-SHA1': ['DSA-SHA1'],
        'ECDSA-SHA1': ['ECDSA-SHA1'],
        'RSA-SHA2-224': ['RSA-SHA224'],
        'DSA-SHA2-224': ['DSA-SHA224'],
        'ECDSA-SHA2-224': ['ECDSA-SHA224'],
        'RSA-SHA2-256': ['RSA-SHA256'],
        'DSA-SHA2-256': ['DSA-SHA256'],
        'ECDSA-SHA2-256': ['ECDSA-SHA256',
                           'ECDSA-SECP256R1-SHA256'],
        'RSA-SHA2-384': ['RSA-SHA384'],
        'DSA-SHA2-384': ['DSA-SHA384'],
        'ECDSA-SHA2-384': ['ECDSA-SHA384', 'ECDSA-SECP384R1-SHA384'],
        'RSA-SHA2-512': ['RSA-SHA512'],
        'DSA-SHA2-512': ['DSA-SHA512'],
        'ECDSA-SHA2-512': ['ECDSA-SHA512', 'ECDSA-SECP521R1-SHA512'],
        # These are only available under 3.6.3+
        'RSA-PSS-SHA2-256': ['RSA-PSS-SHA256'],
        'RSA-PSS-SHA2-384': ['RSA-PSS-SHA384'],
        'RSA-PSS-SHA2-512': ['RSA-PSS-SHA512'],
        'RSA-PSS-RSAE-SHA2-256': ['RSA-PSS-RSAE-SHA256'],
        'RSA-PSS-RSAE-SHA2-384': ['RSA-PSS-RSAE-SHA384'],
        'RSA-PSS-RSAE-SHA2-512': ['RSA-PSS-RSAE-SHA512'],
        'RSA-SHA3-224': ['RSA-SHA3-224'],
        'DSA-SHA3-224': ['DSA-SHA3-224'],
        'ECDSA-SHA3-224': ['ECDSA-SHA3-224'],
        'RSA-SHA3-256': ['RSA-SHA3-256'],
        'DSA-SHA3-256': ['DSA-SHA3-256'],
        'ECDSA-SHA3-256': ['ECDSA-SHA3-256'],
        'RSA-SHA3-384': ['RSA-SHA3-384'],
        'DSA-SHA3-384': ['DSA-SHA3-384'],
        'ECDSA-SHA3-384': ['ECDSA-SHA3-384'],
        'RSA-SHA3-512': ['RSA-SHA3-512'],
        'DSA-SHA3-512': ['DSA-SHA3-512'],
        'ECDSA-SHA3-512': ['ECDSA-SHA3-512'],
        'EDDSA-ED448': ['EdDSA-Ed448'],
        'EDDSA-ED25519': ['EdDSA-Ed25519'],
        'MLDSA44': ['ML-DSA-44'],
        'MLDSA65': ['ML-DSA-65'],
        'MLDSA87': ['ML-DSA-87'],
    }

    cipher_map = {
        'AES-256-CTR': '',
        'AES-128-CTR': '',
        'AES-256-GCM': 'AES-256-GCM',
        'AES-128-GCM': 'AES-128-GCM',
        'AES-256-CCM': 'AES-256-CCM',
        'AES-128-CCM': 'AES-128-CCM',
        'AES-256-CBC': 'AES-256-CBC',
        'AES-128-CBC': 'AES-128-CBC',
        'CAMELLIA-256-GCM': 'CAMELLIA-256-GCM',
        'CAMELLIA-128-GCM': 'CAMELLIA-128-GCM',
        'CAMELLIA-256-CBC': 'CAMELLIA-256-CBC',
        'CAMELLIA-128-CBC': 'CAMELLIA-128-CBC',
        'CHACHA20-POLY1305': 'CHACHA20-POLY1305',
        '3DES-CBC': '3DES-CBC',
        'RC4-128': 'ARCFOUR-128',
    }

    key_exchange_map = {
        # ECDHE is handled separately as it splits to ECDHE-ECDSA
        # and ECDHE-RSA.
        'ECDHE': ('ECDHE-RSA', 'ECDHE-ECDSA'),
        'RSA': ('RSA',),
        'DHE-RSA': ('DHE-RSA',),
        'DHE-DSS': ('DHE-DSS',),
        # PSK kexes are not allowlisted because enabling them "forces them":
        # * RSA-PSK precludes using TLS 1.3
        # * others make gnutls-cli ask for PSK identity,
        #   users should enable them explicitly anyway
        #   (https://gitlab.com/gnutls/gnutls/-/issues/680)
        # 'PSK': 'PSK',
        # 'DHE-PSK': 'DHE-PSK',
        # 'ECDHE-PSK': 'ECDHE-PSK',
        # 'RSA-PSK': 'RSA-PSK',
    }

    protocol_map = {
        'SSL3.0': 'SSL3.0',
        'TLS1.0': 'TLS1.0',
        'TLS1.1': 'TLS1.1',
        'TLS1.2': 'TLS1.2',
        'TLS1.3': 'TLS1.3',
        'DTLS0.9': 'DTLS0.9',
        'DTLS1.0': 'DTLS1.0',
        'DTLS1.2': 'DTLS1.2'
    }

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'tls', 'ssl', 'gnutls'})
        p = policy.enabled

        s = textwrap.dedent('''
            [global]
            override-mode = allowlist

            [overrides]
        ''').lstrip()

        if p['hash']:
            for i in p['hash']:
                try:
                    if cls.hash_map[i]:
                        s += 'secure-hash = '
                        s += cls.hash_map[i]
                        s += '\n'
                except KeyError:
                    pass

        if p['mac']:
            for i in p['mac']:
                try:
                    if cls.mac_map[i]:
                        s += 'tls-enabled-mac = '
                        s += cls.mac_map[i]
                        s += '\n'
                except KeyError:
                    pass

        for i in p['group']:
            if i in cls.group_map:
                s += f'tls-enabled-group = {cls.group_map[i]}\n'

        sigs = [cls.sign_map[i] for i in p['sign'] if i in cls.sign_map]
        for i in sigs:
            for j in i:
                s += f'secure-sig = {j}\n'
        for i in sigs:
            for j in i:
                s += f'secure-sig-for-cert = {j}\n'
        if policy.integers['sha1_in_certs']:
            s += 'secure-sig-for-cert = rsa-sha1\n'
            s += 'secure-sig-for-cert = dsa-sha1\n'
            s += 'secure-sig-for-cert = ecdsa-sha1\n'

        # with allowlisting, curves now need to be enabled separately
        enabled_curves = []
        for i in p['group']:
            if i in cls.group_curve_map:
                c = cls.group_curve_map[i]
                if c not in enabled_curves:
                    enabled_curves.append(c)
        for i in p['sign']:
            if i in cls.sign_curve_map:
                c = cls.sign_curve_map[i]
                if c not in enabled_curves:
                    enabled_curves.append(c)
        for c in enabled_curves:
            s += f'enabled-curve = {c}\n'

        if p['cipher']:
            for i in p['cipher']:
                try:
                    if cls.cipher_map[i]:
                        s += 'tls-enabled-cipher = '
                        s += cls.cipher_map[i]
                        s += '\n'
                except KeyError:
                    pass

        for i in p['key_exchange']:
            if i in cls.key_exchange_map:
                for kx in cls.key_exchange_map[i]:
                    s += f'tls-enabled-kx = {kx}\n'

        for i in p['protocol']:
            if i in cls.protocol_map:
                s += f'enabled-version = {cls.protocol_map[i]}\n'

        # option not in Fedora yet, default to True
        if policy.enums['__ems'] == 'ENFORCE':
            s += 'tls-session-hash = require\n'
        elif policy.enums['__ems'] == 'RELAX':
            s += 'tls-session-hash = request\n'
        elif policy.enums['__ems'] == 'DEFAULT':
            pass  # let the library determine a fitting default

        # We cannot separate RSA strength from DH params.
        min_dh_size = policy.integers['min_dh_size']
        min_rsa_size = policy.integers['min_rsa_size']
        if min_dh_size <= 768 or min_rsa_size <= 768:
            s += 'min-verification-profile = very_weak'
        elif min_dh_size <= 1024 or min_rsa_size <= 1024:
            s += 'min-verification-profile = low'
        elif min_dh_size <= 2048 or min_rsa_size <= 2048:
            s += 'min-verification-profile = medium'
        elif min_dh_size <= 3072 or min_rsa_size <= 3072:
            s += 'min-verification-profile = high'
        elif min_dh_size <= 8192 or min_rsa_size <= 8192:
            s += 'min-verification-profile = ultra'
        else:
            s += 'min-verification-profile = future'

        s += '\n\n[priorities]\nSYSTEM=NONE\n'
        return s

    @classmethod
    def test_config(cls, config):
        if os.getenv('OLD_GNUTLS') == '1':
            return True

        if not os.access('/usr/bin/gnutls-cli', os.X_OK):
            return True

        fd, path = mkstemp()

        ret = 255
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(config)
            try:
                os.environ['GNUTLS_SYSTEM_PRIORITY_FILE'] = path
                os.environ['GNUTLS_DEBUG_LEVEL'] = '3'
                os.environ['GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID'] = '1'
                ret = call('/usr/bin/gnutls-cli -l >/dev/null', shell=True)
            except CalledProcessError:
                cls.eprint("/usr/bin/gnutls-cli: Execution failed")
        finally:
            del os.environ['GNUTLS_SYSTEM_PRIORITY_FILE']
            del os.environ['GNUTLS_DEBUG_LEVEL']
            del os.environ['GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID']
            os.unlink(path)

        if ret:
            cls.eprint('There is an error in gnutls generated policy')
            cls.eprint(f'Policy:\n{config}')
            return False
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/java.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

from .configgenerator import ConfigGenerator


class JavaGenerator(ConfigGenerator):
    CONFIG_NAME = 'java'

    hash_not_map = {
        'MD2': 'MD2',
        'MD5': 'MD5',
        'SHA1': 'SHA1',
        'SHA2-224': 'SHA224',
        'SHA2-256': 'SHA256',
        'SHA2-384': 'SHA384',
        'SHA2-512': 'SHA512',
        'SHA3-256': 'SHA3_256',
        'SHA3-384': 'SHA3_384',
        'SHA3-512': 'SHA3_512',
        'SHAKE-128': '',
        'SHAKE-256': '',
        'GOSTR94': ''
    }

    cipher_not_map = {
        'AES-256-CTR': '',
        'AES-128-CTR': '',
        'CHACHA20-POLY1305': 'ChaCha20-Poly1305',
        'CAMELLIA-256-GCM': '',
        'CAMELLIA-128-GCM': '',
        'CAMELLIA-256-CBC': '',
        'CAMELLIA-128-CBC': '',
        'AES-256-CBC': 'AES_256_CBC',
        'AES-128-CBC': 'AES_128_CBC',
        'AES-256-GCM': 'AES_256_GCM',
        'AES-128-GCM': 'AES_128_GCM',
        'AES-256-CCM': 'AES_256_CCM',
        'AES-128-CCM': 'AES_128_CCM',
        'RC4-128': 'RC4_128',
        'RC4-40': 'RC4_40',
        'RC2-CBC': 'RC2',
        'DES-CBC': 'DES_CBC',
        'DES40-CBC': 'DES40_CBC',
        '3DES-CBC': '3DES_EDE_CBC',
        'SEED-CBC': '',
        'IDEA-CBC': '',
        'NULL': 'anon, NULL'
    }

    cipher_legacy_map = {
        'RC4-128': 'RC4_128',
        '3DES-CBC': '3DES_EDE_CBC',
    }

    key_exchange_not_map = {
        'EXPORT': ', '.join((  # noqa: FLY002
            'RSA_EXPORT',
            'DHE_DSS_EXPORT',
            'DHE_RSA_EXPORT',
            'DH_DSS_EXPORT',
            'DH_RSA_EXPORT',
        )),
        'DH': 'DH_RSA, DH_DSS',
        'ANON': 'DH_anon, ECDH_anon',
        'RSA': ', '.join((  # noqa: FLY002
            'TLS_RSA_WITH_AES_256_CBC_SHA256',
            'TLS_RSA_WITH_AES_256_CBC_SHA',
            'TLS_RSA_WITH_AES_128_CBC_SHA256',
            'TLS_RSA_WITH_AES_128_CBC_SHA',
            'TLS_RSA_WITH_AES_256_GCM_SHA384',
            'TLS_RSA_WITH_AES_128_GCM_SHA256',
        )),
        'DHE-RSA': 'DHE_RSA',
        'DHE-DSS': 'DHE_DSS',
        'ECDHE': 'ECDHE',
        'ECDH': 'ECDH',
        'PSK': '',
        'DHE-PSK': '',
        'ECDHE-PSK': '',
        'RSA-PSK': 'RSAPSK'
    }

    group_not_map = {
        'X25519': 'x25519',
        'SECP256R1': 'secp256r1',
        'SECP384R1': 'secp384r1',
        'SECP521R1': 'secp521r1',
        'X448': 'x448',
        'FFDHE-2048': 'ffdhe2048',
        'FFDHE-3072': 'ffdhe3072',
        'FFDHE-4096': 'ffdhe4096',
        'FFDHE-6144': 'ffdhe6144',
        'FFDHE-8192': 'ffdhe8192',
        'BRAINPOOL-P256R1': 'brainpoolP256r1',
        # brainpoolP320r1 - unconditionally disabled
        'BRAINPOOL-P384R1': 'brainpoolP384r1',
        'BRAINPOOL-P512R1': 'brainpoolP512r1',
    }

    group_always_disabled = [
        'secp112r1', 'secp112r2', 'secp128r1', 'secp128r2',
        'secp160k1', 'secp160r1', 'secp160r2',
        'secp192k1', 'secp192r1', 'secp224k1', 'secp224r1', 'secp256k1',
        'sect113r1', 'sect113r2', 'sect131r1', 'sect131r2',
        'sect163k1', 'sect163r1', 'sect163r2', 'sect193r1', 'sect193r2',
        'sect233k1', 'sect233r1', 'sect239k1', 'sect283k1', 'sect283r1',
        'sect409k1', 'sect409r1', 'sect571k1', 'sect571r1',
        'X9.62 c2tnb191v1', 'X9.62 c2tnb191v2', 'X9.62 c2tnb191v3',
        'X9.62 c2tnb239v1', 'X9.62 c2tnb239v2', 'X9.62 c2tnb239v3',
        'X9.62 c2tnb359v1', 'X9.62 c2tnb431r1',
        'X9.62 prime192v2', 'X9.62 prime192v3',
        'X9.62 prime239v1', 'X9.62 prime239v2', 'X9.62 prime239v3',
        'brainpoolP320r1',
    ]

    sign_not_map = {
        'RSA-MD5': 'MD5withRSA',
        'RSA-SHA1': 'SHA1withRSA',
        'DSA-SHA1': 'SHA1withDSA',
        'ECDSA-SHA1': 'SHA1withECDSA',
        'RSA-SHA2-224': 'SHA224withRSA',
        'DSA-SHA2-224': 'SHA224withDSA',
        'ECDSA-SHA2-224': 'SHA224withECDSA',
        'RSA-SHA2-256': 'SHA256withRSA',
        'DSA-SHA2-256': 'SHA256withDSA',
        'ECDSA-SHA2-256': 'SHA256withECDSA',
        'RSA-SHA2-384': 'SHA384withRSA',
        'DSA-SHA2-384': 'SHA384withDSA',
        'ECDSA-SHA2-384': 'SHA384withECDSA',
        'RSA-SHA2-512': 'SHA512withRSA',
        'DSA-SHA2-512': 'SHA512withDSA',
        'ECDSA-SHA2-512': 'SHA512withECDSA',
        'EDDSA-ED25519': 'Ed25519',
        'EDDSA-ED448': 'Ed448',
        'RSA-PSS-SHA1': 'SHA1withRSAandMGF1',
        'RSA-PSS-SHA2-224': 'SHA224withRSAandMGF1',
        'RSA-PSS-SHA2-256': 'SHA256withRSAandMGF1',
        'RSA-PSS-SHA2-384': 'SHA384withRSAandMGF1',
        'RSA-PSS-SHA2-512': 'SHA512withRSAandMGF1',
    }

    protocol_not_map = {
        'SSL2.0': 'SSLv2',
        'SSL3.0': 'SSLv3',
        'TLS1.0': 'TLSv1',
        'TLS1.1': 'TLSv1.1',
        'TLS1.2': 'TLSv1.2',
        'DTLS1.0': 'DTLSv1.0',
        'DTLS1.2': ''
    }

    mac_not_map = {
        'AEAD': '',
        'HMAC-MD5': 'HmacMD5',
        'HMAC-SHA1': 'HmacSHA1',
        'HMAC-SHA2-256': 'HmacSHA256',
        'HMAC-SHA2-384': 'HmacSHA384',
        'HMAC-SHA2-512': 'HmacSHA512',
    }

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'tls', 'ssl', 'java-tls'})
        p = policy.enabled
        ip = policy.disabled
        sep = ', '

        shared = [  # unconditionally disabled
            'MD2', 'MD5withDSA', 'MD5withECDSA',
            'RIPEMD160withRSA', 'RIPEMD160withECDSA', 'RIPEMD160withRSAandMGF1',
        ]
        for i in ip['sign']:
            try:
                shared.append(cls.sign_not_map[i])
            except KeyError:
                pass

        def keysize(keyword, size):
            return f'{keyword} keySize < {size}' if size else keyword

        shared.append(keysize('RSA', policy.integers['min_rsa_size']))
        shared.append(keysize('DSA', policy.integers['min_dsa_size']))
        shared.append(keysize('DH', policy.integers['min_dh_size']))
        shared.append(keysize('EC', policy.integers['min_ec_size']))

        cfg = f'jdk.certpath.disabledAlgorithms={", ".join(shared)}'
        for i in ip['hash']:
            try:
                cfg = cls.append(cfg, cls.hash_not_map[i], sep)
            except KeyError:
                pass

        cfg += f'\njdk.tls.disabledAlgorithms={", ".join(shared)}'
        # https://bugs.openjdk.org/browse/JDK-8236730
        cfg = cls.append(cfg, 'include jdk.disabled.namedCurves', sep)
        for i in ip['protocol']:
            try:
                cfg = cls.append(cfg, cls.protocol_not_map[i], sep)
            except KeyError:
                pass
        for i in ip['key_exchange']:
            try:
                cfg = cls.append(cfg, cls.key_exchange_not_map[i], sep)
            except KeyError:
                pass
        for i in ip['cipher']:
            try:
                cfg = cls.append(cfg, cls.cipher_not_map[i], sep)
            except KeyError:
                pass
        for i in ip['mac']:
            try:
                cfg = cls.append(cfg, cls.mac_not_map[i], sep)
            except KeyError:
                pass
        cfg += '\n'

        s = ''
        for i in ip['group']:
            try:
                s = cls.append(s, cls.group_not_map[i], sep)
            except KeyError:
                pass
        for g in cls.group_always_disabled:
            s = cls.append(s, g, sep)
        cfg += f'jdk.disabled.namedCurves={s}\n'

        s = ''
        for i in p['cipher']:
            try:
                s = cls.append(s,
                               cls.cipher_legacy_map[i], sep)
            except KeyError:
                pass
        cfg += f'jdk.tls.legacyAlgorithms={s}\n'

        return cfg

    @classmethod
    def test_config(cls, config):  # pylint: disable=unused-argument
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/krb5.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

from .configgenerator import ConfigGenerator


class KRB5Generator(ConfigGenerator):
    CONFIG_NAME = 'krb5'

    cipher_map = {
        'CAMELLIA-256-CBC': 'camellia256-cts-cmac',
        'CAMELLIA-128-CBC': 'camellia128-cts-cmac',
        'CAMELLIA-128-CTS': 'camellia128-cts-cmac',
        # RC4 is enabled separately
    }

    cipher_mac_map = {
        'AES-256-CBC-HMAC-SHA1': 'aes256-cts-hmac-sha1-96',
        'AES-256-CBC-HMAC-SHA2-384': 'aes256-cts-hmac-sha384-192',
        'AES-128-CBC-HMAC-SHA1': 'aes128-cts-hmac-sha1-96',
        'AES-128-CBC-HMAC-SHA2-256': 'aes128-cts-hmac-sha256-128',
        # RC4 is enabled separately
    }

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'kerberos', 'krb5'})
        p = policy.enabled

        sep = ' '

        cfg = '[libdefaults]\n'
        cfg += 'permitted_enctypes = '

        s = ''
        for j in p['mac']:
            for i in p['cipher']:
                try:
                    s = cls.append(s, cls.cipher_mac_map[i + '-' + j], sep)
                except KeyError:
                    pass

        for i in p['cipher']:
            try:
                s = cls.append(s, cls.cipher_map[i], sep)
            except KeyError:
                pass

        if 'RC4-128' in p['cipher'] and 'MD5' in p['hash']:
            s = cls.append(s, 'arcfour-hmac-md5', sep)

        cfg += s + '\n'

        # By default libkrb5 sets the min_bits to 2048, don't
        # go lower than that.
        if policy.integers['min_dh_size'] > 2048:
            # $string .= "pkinit_dh_min_bits=$min_dh_size\n";
            # krb5.conf only accepts 2048 or 4096
            cfg += 'pkinit_dh_min_bits=4096\n'

        return cfg

    @classmethod
    def test_config(cls, config):  # pylint: disable=unused-argument
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/libreswan.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import os
from subprocess import CalledProcessError, call
from tempfile import mkstemp

from .configgenerator import ConfigGenerator


class LibreswanGenerator(ConfigGenerator):
    CONFIG_NAME = 'libreswan'
    RELOAD_CMD = 'systemctl try-restart ipsec.service 2>/dev/null || :\n'

    group_map = {
        'X448': '',
        'X25519': 'dh31',
        'SECP256R1': 'dh19',
        'SECP384R1': 'dh20',
        'SECP521R1': 'dh21',
        'FFDHE-6144': '',
        'FFDHE-1536': 'dh5',
        'FFDHE-2048': 'dh14',
        'FFDHE-3072': 'dh15',
        'FFDHE-4096': 'dh16',
        'FFDHE-8192': 'dh18'
    }

    cipher_map = {
        'AES-256-CBC': 'aes256',
        'AES-192-CBC': 'aes192',
        'AES-128-CBC': 'aes128',
        'AES-256-GCM': 'aes_gcm256',
        'AES-192-GCM': 'aes_gcm192',
        'AES-128-GCM': 'aes_gcm128',
        'CHACHA20-POLY1305': 'chacha20_poly1305'
        # Unused for IKEv2
        # '3DES-CBC':'3des'
    }

    cipher_prf_map = {
        'AES-256-CBC-HMAC-SHA2-512': 'sha2_512',
        'AES-256-CBC-HMAC-SHA2-256': 'sha2_256',
        'AES-192-CBC-HMAC-SHA2-512': 'sha2_512',
        'AES-192-CBC-HMAC-SHA2-256': 'sha2_256',
        'AES-128-CBC-HMAC-SHA2-256': 'sha2_256',
        # Not needed for IKEv2
        # 'AES-256-CBC-HMAC-SHA1':'sha1',
        # 'AES-128-CBC-HMAC-SHA1':'sha1',
        'AES-256-GCM-HMAC-SHA2-512': 'sha2_512',
        'AES-256-GCM-HMAC-SHA2-256': 'sha2_256',
        'AES-192-GCM-HMAC-SHA2-512': 'sha2_512',
        'AES-192-GCM-HMAC-SHA2-256': 'sha2_256',
        'AES-128-GCM-HMAC-SHA2-512': 'sha2_512',
        'AES-128-GCM-HMAC-SHA2-256': 'sha2_256',
        'CHACHA20-POLY1305-HMAC-SHA2-512': 'sha2_512',
        'CHACHA20-POLY1305-HMAC-SHA2-256': 'sha2_256'
        # '3DES-CBC-HMAC-SHA1':'sha1'
    }

    cipher_mac_map = {
        'AES-256-CBC-HMAC-SHA2-512': 'sha2_512',
        'AES-192-CBC-HMAC-SHA2-512': 'sha2_512',
        'AES-256-CBC-HMAC-SHA2-256': 'sha2_256',
        'AES-192-CBC-HMAC-SHA2-256': 'sha2_256',
        'AES-128-CBC-HMAC-SHA2-256': 'sha2_256',
        'AES-256-CBC-HMAC-SHA1': 'sha1',
        'AES-192-CBC-HMAC-SHA1': 'sha1',
        'AES-128-CBC-HMAC-SHA1': 'sha1',
        'AES-256-GCM-AEAD': '',
        'AES-192-GCM-AEAD': '',
        'AES-128-GCM-AEAD': '',
        'CHACHA20-POLY1305-AEAD': ''
        # '3DES-CBC-HMAC-SHA1':'3des-sha1'
    }

    sign_map = {
        'RSA-SHA1': 'rsa-sha1',
        'ECDSA-SHA2-256': 'ecdsa-sha2_256',
        'ECDSA-SHA2-384': 'ecdsa-sha2_384',
        'ECDSA-SHA2-512': 'ecdsa-sha2_512',
        'RSA-PSS-SHA2-256': 'rsa-sha2_256',
        'RSA-PSS-SHA2-384': 'rsa-sha2_384',
        'RSA-PSS-SHA2-512': 'rsa-sha2_512',
        'RSA-PSS-RSAE-SHA2-256': 'rsa-sha2_256',
        'RSA-PSS-RSAE-SHA2-384': 'rsa-sha2_384',
        'RSA-PSS-RSAE-SHA2-512': 'rsa-sha2_512'
    }

    mac_ike_prio_map = {
        'AEAD': 0,
        'HMAC-SHA2-512': 1,
        'HMAC-SHA2-256': 2,
        'HMAC-SHA1': 3
    }

    mac_esp_prio_map = {
        'AEAD': 0,
        'HMAC-SHA2-512': 1,
        'HMAC-SHA1': 2,
        'HMAC-SHA2-256': 3
    }

    group_prio_map = {
        # sorted() guarantees stable order so we just put the two
        # most common groups first to avoid extra roundtrips
        'SECP256R1': 0,
        'FFDHE-2048': 1
    }

    @classmethod
    def __get_ike_prio(cls, key):  # pylint: disable=unused-private-member
        if key not in cls.mac_ike_prio_map:
            return 99
        return cls.mac_ike_prio_map[key]

    @classmethod
    def __get_esp_prio(cls, key):  # pylint: disable=unused-private-member
        if key not in cls.mac_esp_prio_map:
            return 99
        return cls.mac_esp_prio_map[key]

    @classmethod
    def __get_group_prio(cls, key):  # pylint: disable=unused-private-member
        if key not in cls.group_prio_map:
            return 99
        return cls.group_prio_map[key]

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'ipsec', 'ike', 'libreswan'})
        cfg = 'conn %default\n'
        sep = ','
        p = policy.enabled

        s = ''
        proto = [x for x in p['protocol'] if x.startswith('IKE')]
        if 'IKEv2' in proto:
            s = ''
        elif 'IKEv1' in proto:  # and 'IKEv2' not in proto
            s = 'ikev2=never'  # will be keyexchange=ikev1 in libreswan 5.0+
        if s:
            cfg += '\t' + s + '\n'

        sorted_macs = sorted(p['mac'], key=cls.__get_ike_prio)
        sorted_groups = sorted(p['group'], key=cls.__get_group_prio)
        tmp = ''
        for cipher in p['cipher']:
            try:
                cm = cls.cipher_map[cipher]
            except KeyError:
                continue
            combo = cm + '-'
            s = ''
            for mac in sorted_macs:
                try:
                    mm = cls.cipher_prf_map[cipher + '-' + mac]
                except KeyError:
                    continue
                s = cls.append(s, mm, '+')
            if not s:
                continue
            combo += s
            s = ''
            for i in sorted_groups:
                try:
                    group = cls.group_map[i]
                except KeyError:
                    continue
                s = cls.append(s, group, '+')
            combo = cls.append(combo, s, '-')
            tmp = cls.append(tmp, combo, sep)
        if tmp:
            cfg += '\tike=' + tmp + '\n'

        sorted_macs = sorted(p['mac'], key=cls.__get_esp_prio)
        tmp = ''
        for cipher in p['cipher']:
            try:
                cm = cls.cipher_map[cipher]
            except KeyError:
                continue
            combo = cm + '-'
            s = ''
            for mac in sorted_macs:
                try:
                    mm = cls.cipher_mac_map[cipher + '-' + mac]
                except KeyError:
                    continue
                if not mm:
                    # Special handling for AEAD
                    combo = cm
                    break
                s = cls.append(s, mm, '+')
            combo += s
            if combo[-1:] == '-':
                continue
            tmp = cls.append(tmp, combo, sep)
        if tmp:
            cfg += '\tesp=' + tmp + '\n'

        tmp = ''
        sigalgs = set()
        for sign in p['sign']:
            try:
                sm = cls.sign_map[sign]
            except KeyError:
                continue
            if sm not in sigalgs:
                sigalgs.add(sm)
                tmp = cls.append(tmp, sm, sep)
        if tmp:
            cfg += '\tauthby=' + tmp + '\n'

        return cfg

    @classmethod
    def test_config(cls, config):
        if os.getenv('OLD_LIBRESWAN') == '1':
            return True

        if not os.access('/usr/sbin/ipsec', os.X_OK):
            return True

        fd, path = mkstemp()

        ret = 255
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(config)
            try:
                ret = call(f'/usr/sbin/ipsec readwriteconf --config {path}'
                           ' >/dev/null',
                           shell=True)
            except CalledProcessError:
                cls.eprint("/usr/sbin/ipsec: Execution failed")
        finally:
            os.unlink(path)

        if ret:
            cls.eprint('There is an error in libreswan generated policy')
            cls.eprint(f'Policy:\n{config}')
            return False
        return True
crypto-policies-20251128.git19878fe/python/policygenerators/libssh.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

from .configgenerator import ConfigGenerator


class LibsshGenerator(ConfigGenerator):
    CONFIG_NAME = 'libssh'

    cipher_map = {
        'AES-256-GCM': 'aes256-gcm@openssh.com',
        'AES-256-CTR': 'aes256-ctr',
        'AES-192-GCM': '',  # not supported
        'AES-192-CTR': 'aes192-ctr',
        'AES-128-GCM': 'aes128-gcm@openssh.com',
        'AES-128-CTR': 'aes128-ctr',
        'CHACHA20-POLY1305': 'chacha20-poly1305@openssh.com',
        'CAMELLIA-256-GCM': '',
        'AES-256-CCM': '',
        'AES-192-CCM': '',
        'AES-128-CCM': '',
        'CAMELLIA-128-GCM': '',
        'AES-256-CBC': 'aes256-cbc',
        'AES-192-CBC': 'aes192-cbc',
        'AES-128-CBC': 'aes128-cbc',
        'CAMELLIA-256-CBC': '',
        'CAMELLIA-128-CBC': '',
        'RC4-128': '',
        'DES-CBC': '',
        'CAMELLIA-128-CTS': '',
        '3DES-CBC': '3des-cbc'
    }

    mac_map_etm = {
        'HMAC-MD5': '',
        'UMAC-64': '',
        'UMAC-128': '',
        'HMAC-SHA1': 'hmac-sha1-etm@openssh.com',
        'HMAC-SHA2-256': 'hmac-sha2-256-etm@openssh.com',
        'HMAC-SHA2-512': 'hmac-sha2-512-etm@openssh.com'
    }

    mac_map = {
        'HMAC-MD5': '',
        'UMAC-64': '',
        'UMAC-128': '',
        'HMAC-SHA1': 'hmac-sha1',
        'HMAC-SHA2-256': 'hmac-sha2-256',
        'HMAC-SHA2-512': 'hmac-sha2-512'
    }

    kx_map = {
        ('ECDHE', 'SECP521R1', 'SHA2-512'): ('ecdh-sha2-nistp521',),
        ('ECDHE', 'SECP384R1', 'SHA2-384'): ('ecdh-sha2-nistp384',),
        ('ECDHE', 'SECP256R1', 'SHA2-256'): ('ecdh-sha2-nistp256',),
        ('ECDHE', 'X25519', 'SHA2-256'): (
            'curve25519-sha256',
            'curve25519-sha256@libssh.org',
        ),
        ('DHE', 'FFDHE-1024', 'SHA1'): ('diffie-hellman-group1-sha1',),
        ('DHE', 'FFDHE-2048', 'SHA1'): ('diffie-hellman-group14-sha1',),
        ('DHE', 'FFDHE-2048', 'SHA2-256'): ('diffie-hellman-group14-sha256',),
        ('DHE', 'FFDHE-4096', 'SHA2-512'): ('diffie-hellman-group16-sha512',),
        ('DHE', 'FFDHE-8192', 'SHA2-512'): ('diffie-hellman-group18-sha512',),
    }

    gx_map = {
        ('DHE', 'SHA1'): ('diffie-hellman-group-exchange-sha1',),
        ('DHE', 'SHA2-256'): ('diffie-hellman-group-exchange-sha256',),
    }

    sign_map = {
        'RSA-SHA1': 'ssh-rsa',
        'DSA-SHA1': 'ssh-dss',
        'RSA-SHA2-256': 'rsa-sha2-256',
        'RSA-SHA2-512': 'rsa-sha2-512',
        'ECDSA-SHA2-256': 'ecdsa-sha2-nistp256',
        'ECDSA-SHA2-256-FIDO': 'sk-ecdsa-sha2-nistp256@openssh.com',
        'ECDSA-SHA2-384': 'ecdsa-sha2-nistp384',
        'ECDSA-SHA2-512': 'ecdsa-sha2-nistp521',
        'EDDSA-ED25519': 'ssh-ed25519',
        'EDDSA-ED25519-FIDO': 'sk-ssh-ed25519@openssh.com',
    }

    sign_map_certs = {
        'RSA-SHA1': 'ssh-rsa-cert-v01@openssh.com',
        'DSA-SHA1': 'ssh-dss-cert-v01@openssh.com',
        'RSA-SHA2-256': 'rsa-sha2-256-cert-v01@openssh.com',
        'RSA-SHA2-512': 'rsa-sha2-512-cert-v01@openssh.com',
        'ECDSA-SHA2-256': 'ecdsa-sha2-nistp256-cert-v01@openssh.com',
        'ECDSA-SHA2-256-FIDO':
            'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com',
        'ECDSA-SHA2-384': 'ecdsa-sha2-nistp384-cert-v01@openssh.com',
        'ECDSA-SHA2-512': 'ecdsa-sha2-nistp521-cert-v01@openssh.com',
        'EDDSA-ED25519': 'ssh-ed25519-cert-v01@openssh.com',
        'EDDSA-ED25519-FIDO': 'sk-ssh-ed25519-cert-v01@openssh.com',
    }

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'ssh', 'libssh'})
        p = policy.enabled
        cfg = ''
        sep = ','

        s = ''
        for i in p['cipher']:
            try:
                s = cls.append(s, cls.cipher_map[i], sep)
            except KeyError:
                pass

        if s:
            cfg += f'Ciphers {s}\n'

        s = ''
        if policy.enums['etm'] != 'DISABLE_ETM':
            for i in p['mac']:
                try:
                    s = cls.append(s, cls.mac_map_etm[i], sep)
                except KeyError:
                    pass
        if policy.enums['etm'] != 'DISABLE_NON_ETM':
            for i in p['mac']:
                try:
                    s = cls.append(s, cls.mac_map[i], sep)
                except KeyError:
                    pass

        if s:
            cfg += f'MACs {s}\n'

        kxs = []
        for kx in p['key_exchange']:
            for h in p['hash']:
                if policy.integers['arbitrary_dh_groups']:
                    try:
                        kxs.extend(cls.gx_map[(kx, h)])
                    except KeyError:
                        pass
                for g in p['group']:
                    try:
                        kxs.extend(cls.kx_map[(kx, g, h)])
                    except KeyError:
                        pass
        if kxs:
            cfg += f'KexAlgorithms {",".join(kxs)}\n'

        s = ''
        for i in p['sign']:
            try:
                s = cls.append(s, cls.sign_map[i], sep)
            except KeyError:
                pass
            if policy.integers['ssh_certs']:
                try:
                    s = cls.append(s, cls.sign_map_certs[i], sep)
                except KeyError:
                    pass

        if s:
            cfg += f'HostKeyAlgorithms {s}\n'
            cfg += f'PubkeyAcceptedKeyTypes {s}\n'

        return cfg

    @classmethod
    def test_config(cls, config):  # pylint: disable=unused-argument
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/nss.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import collections
import ctypes
import ctypes.util
import os
import shutil
from subprocess import CalledProcessError, call
from tempfile import mkstemp

from .configgenerator import ConfigGenerator

NSS_P11_KIT_PROXY = '''
library=p11-kit-proxy.so
name=p11-kit-proxy
'''

# policy mapping as of 3.101 (lib/pk11wrap/pk11pars.c):
#
# ssl: NSS_USE_ALG_IN_SSL
# ssl-key-exchange: NSS_USE_ALG_IN_SSL_KX
# key-exchange: NSS_USE_ALG_IN_KEY_EXCHANGE
# cert-signature: NSS_USE_ALG_IN_CERT_SIGNATURE
# smime-signature, cms-signature: NSS_USE_ALG_IN_SMIME_SIGNATURE
# all-signature: NSS_USE_ALG_IN_SIGNATURE (cert-, smime-, signature)
# pkcs12: NSS_USE_ALG_IN_PKCS12  # (-legacy | encrypt)
# pkcs12-legacy: NSS_USE_ALG_IN_PKCS12_DECRYPT  # for use in allow
# pkcs12-encrypt: NSS_USE_ALG_IN_PKCS12_ENCRYPT  # for use in disallow
# smime: NSS_USE_ALG_IN_SMIME  # (-legacy | -encrypt)
# smime-legacy: NSS_USE_ALG_IN_SMIME_LEGACY  # for use in allow
# smime-encrypt: NSS_USE_ALG_IN_SMIME_ENCRYPT  # for use in disallow
# smime-key-exchange: NSS_USE_ALG_IN_SMIME_KX  # (-legacy | -encrypt})
# smime-key-exchange-legacy: NSS_USE_ALG_IN_SMIME_KX_LEGACY  # for use in allow
# smime-key-exchange-encrypt: NSS_USE_ALG_IN_SMIME_KX_ENCRYPT  # for disallow
# signature: NSS_USE_ALG_IN_ANY_SIGNATURE  # same as all-signature in disallow
#                                          # is needed for smime and cert
# legacy: NSS_USE_ALG_IN_PKCS12_DECRYPT
#       | NSS_USE_ALG_IN_SMIME_LEGACY
#       | NSS_USE_ALG_IN_SMIME_KX_LEGACY
# all: NSS_USE_ALG_IN_SSL  # (ssl)
#    | NSS_USE_ALG_IN_SSL_KX  # (ssl-key-exchange)
#    | NSS_USE_ALG_IN_PKCS12  # (pkcs12)
#    | NSS_USE_ALG_IN_SMIME  # (smime)
#    | NSS_USE_ALG_IN_SIGNATURE  # (signature)
#    | NSS_USE_ALG_IN_SMIME_KX  # (smime-key-exchange)
# none: 0


class PurposeDeduplicator:
    """Shorten the list of enabled algorithm/purpose pairs.

    For example, given a rule set of
    * ('pkcs12', 'pkcs12-legacy') -> 'pkcs12'
    * ('ssl', 'pkcs12') -> 'all'
    it'll shorten
    ('hmac-md5', 'pkcs12'), ('hmac-md5', 'pkcs12-legacy'), ('hmac-md5', 'ssl')
    to just 'hmac-md5'.

    The order of the first insertion is preserved.

    It was decided to be OK to merge all currently known purposes into '/all',
    even though in the future there could be more purposes added, since:
    1. the list of purposes doesn't change often, and then we should update c-p
    2. this will only result in overenablement for algorithms
       that the administrator already trusts for all currently known purposes,
       and it's likely that they trust it for the new purpose as well
    """

    def __init__(self, rulemap):
        self._alg_purpose_map = collections.defaultdict(list)
        self._rulemap = rulemap

    def add(self, alg, purpose):
        self._alg_purpose_map[alg].append(purpose)

    @staticmethod
    def _deduplicate_single_rule(purpose_list,
                                 purposes_separate, purpose_combined):
        new_purpose_list = []
        for purpose in purpose_list:
            if 'all' in new_purpose_list:
                continue
            if purpose in new_purpose_list:
                continue
            match = (purpose in purposes_separate
                     and all(p in purpose_list for p in purposes_separate))
            if match:
                if purpose_combined in new_purpose_list:
                    continue
                new_purpose_list.append(purpose_combined)
            else:
                new_purpose_list.append(purpose)
        return new_purpose_list

    def _deduplicate_purpose_list(self, purpose_list):
        prev_purpose_list = None
        while purpose_list != prev_purpose_list:
            for purposes_separate, purpose_combined in self._rulemap.items():
                purpose_list = self._deduplicate_single_rule(purpose_list,
                                                             purposes_separate,
                                                             purpose_combined)
            prev_purpose_list = purpose_list
        return purpose_list

    def deduplicated(self):
        deduplicated_alg_purpose_map = {
            alg: self._deduplicate_purpose_list(purpose_list)
            for alg, purpose_list in self._alg_purpose_map.items()
        }
        return (f'{alg}/{",".join(purposes)}' if purposes != ['all'] else alg
                for alg, purposes in deduplicated_alg_purpose_map.items())


class NSSGenerator(ConfigGenerator):
    CONFIG_NAME = 'nss'

    mac_map = {
        'HMAC-SHA1': 'HMAC-SHA1',
        'HMAC-MD5': 'HMAC-MD5',
        'HMAC-SHA2-224': 'HMAC-SHA224',
        'HMAC-SHA2-256': 'HMAC-SHA256',
        'HMAC-SHA2-384': 'HMAC-SHA384',
        'HMAC-SHA2-512': 'HMAC-SHA512',
        'HMAC-SHA3-224': 'HMAC-SHA3-224',
        'HMAC-SHA3-256': 'HMAC-SHA3-256',
        'HMAC-SHA3-384': 'HMAC-SHA3-384',
        'HMAC-SHA3-512': 'HMAC-SHA3-512',
    }

    hash_map = {
        'MD2': 'MD2',
        'MD4': 'MD4',
        'MD5': 'MD5',
        'SHA1': 'SHA1',
        'SHA2-224': 'SHA224',
        'SHA2-256': 'SHA256',
        'SHA2-384': 'SHA384',
        'SHA2-512': 'SHA512',
        'SHA3-224': 'SHA3-224',
        'SHA3-256': 'SHA3-256',
        'SHA3-384': 'SHA3-384',
        'SHA3-512': 'SHA3-512',
        'SHAKE-128': None,  # not present as of 3.101
        'SHAKE-256': None,  # not present as of 3.101
    }

    curve_map = {
        # PRIME*, SECP<256, SECP*K1, C2TNB*, SECT*: skip
        'X25519': 'CURVE25519',
        'X448': None,  # not present as of 3.101
        'SECP256R1': 'SECP256R1',
        'SECP384R1': 'SECP384R1',
        'SECP521R1': 'SECP521R1',
        'MLKEM768-X25519': 'mlkem768x25519',
        # not yet recognized as of nss-3.105.0-1.fc42
        # 'P256-MLKEM768': 'mlkem768secp256r1',
    }

    cipher_map = {
        'AES-256-GCM': ('aes256-gcm',),
        'AES-192-GCM': ('aes192-gcm',),
        'AES-128-GCM': ('aes128-gcm',),
        'AES-256-CBC': ('aes256-cbc',),
        'AES-192-CBC': ('aes192-cbc',),
        'AES-128-CBC': ('aes128-cbc',),
        'CAMELLIA-256-CBC': ('camellia256-cbc',),
        'CAMELLIA-192-CBC': ('camellia192-cbc',),
        'CAMELLIA-128-CBC': ('camellia128-cbc',),
        'CHACHA20-POLY1305': ('chacha20-poly1305',),
        'SEED-CBC': ('seed-cbc',),
        '3DES-CBC': ('des-ede3-cbc',),
        'DES40-CBC': ('des-40-cbc',),
        'DES-CBC': ('des-cbc',),
        'RC4-128': ('rc4',),
        'RC2-CBC': ('rc2', 'rc2-40-cbc', 'rc2-64-cbc', 'rc2-128-cbc'),
        'IDEA': ('idea',),
        'NULL': (),  # hope nobody ever needs it
    }

    key_exchange_ssl_map = {
        'RSA': ('RSA',),
        'DHE-RSA': ('DHE-RSA',),
        'DHE-DSS': ('DHE-DSS',),
        'ECDHE': ('ECDHE-RSA', 'ECDHE-ECDSA'),
        'ECDH': ('ECDH-RSA', 'ECDH-ECDSA'),
        'DH': ('DH-RSA', 'DH-DSS'),
    }

    key_exchange_smime_map = {
        'RSA': ('RSA-PKCS', 'RSA-OAEP'),
        'ECDH': ('ECDH',),
        'DH': ('DH',),
    }

    protocol_map = {
        'SSL3.0': 'ssl3.0',
        'TLS1.0': 'tls1.0',
        'TLS1.1': 'tls1.1',
        'TLS1.2': 'tls1.2',
        'TLS1.3': 'tls1.3',
        'DTLS1.0': 'dtls1.0',
        'DTLS1.2': 'dtls1.2'
    }

    # Depends on a dict being ordered
    sign_prefix_ordmap = {
        'RSA-PSS-': 'RSA-PSS',  # must come before RSA-
        'RSA-': 'RSA-PKCS',
        'ECDSA-': 'ECDSA',
        'DSA-': 'DSA',
        'EDDSA-ED25519': 'ED25519',
        'MLDSA44': 'ML-DSA-44',
        'MLDSA65': 'ML-DSA-65',
        'MLDSA87': 'ML-DSA-87',
    }

    sign_suffix_ordmap = {
        '-MD5': 'MD5',
        '-SHA1': 'SHA1',
        '-SHA2-224': 'SHA224',
        '-SHA2-256': 'SHA256',
        '-SHA2-384': 'SHA384',
        '-SHA2-512': 'SHA512',
        '-SHA3-224': 'SHA3-224',
        '-SHA3-256': 'SHA3-256',
        '-SHA3-384': 'SHA3-384',
        '-SHA3-512': 'SHA3-512',
    }

    @classmethod
    def generate_config(cls, unscoped_policy):
        ssl_policy = unscoped_policy.scoped({'tls', 'ssl', 'nss', 'nss-tls'})
        pkcs12_import_policy = unscoped_policy.scoped({
            'nss', 'pkcs12-import', 'nss-pkcs12-import',
            'pkcs12', 'nss-pkcs12'
        })
        pkcs12_export_import_policy = unscoped_policy.scoped({
            'nss', 'pkcs12', 'nss-pkcs12'
        })
        smime_import_policy = unscoped_policy.scoped({
            'nss', 'smime-import', 'nss-smime-import',
            'smime', 'nss-smime'
        })
        smime_export_import_policy = unscoped_policy.scoped({
            'nss', 'smime', 'nss-smime'
        })

        # including it unconditionally, because Fedora NSS depends on p11-kit
        cfg = NSS_P11_KIT_PROXY.lstrip() + '\n\n'

        cfg += 'library=\n'
        cfg += 'name=Policy\n'
        cfg += 'NSS=flags=policyOnly,moduleDB\n'
        cfg += 'config="disallow=ALL allow='

        r = []

        macs_and_purposes = PurposeDeduplicator({
            # possible uses as of 3.101: ssl, pkcs12{,-legacy}
            ('pkcs12', 'pkcs12-legacy'): 'pkcs12',
            ('ssl', 'pkcs12'): 'all',
        })
        for i in ssl_policy.enabled['mac']:
            if (mac_alg := cls.mac_map.get(i)) is not None:
                macs_and_purposes.add(mac_alg, 'ssl')
        for i in pkcs12_export_import_policy.enabled['mac']:
            if (mac_alg := cls.mac_map.get(i)) is not None:
                macs_and_purposes.add(mac_alg, 'pkcs12')
        for i in pkcs12_import_policy.enabled['mac']:
            if (mac_alg := cls.mac_map.get(i)) is not None:
                macs_and_purposes.add(mac_alg, 'pkcs12-legacy')
        r.extend(macs_and_purposes.deduplicated())

        groups_and_purposes = PurposeDeduplicator({
            # possible uses as of 3.101: ssl-key-exchange, cert-signature
            # and cert-signature requires signature
            ('ssl-key-exchange', 'cert-signature', 'signature'): 'all',
        })
        for i in ssl_policy.enabled['group']:
            if (group_alg := cls.curve_map.get(i)) is not None:
                groups_and_purposes.add(group_alg, 'ssl-key-exchange')
                groups_and_purposes.add(group_alg, 'cert-signature')
                groups_and_purposes.add(group_alg, 'signature')
        r.extend(groups_and_purposes.deduplicated())

        ciphers_and_purposes = PurposeDeduplicator({
            # possible uses as of 3.101: ssl, pkcs12{,-legacy}, smime{,-legacy}
            ('pkcs12', 'pkcs12-legacy'): 'pkcs12',
            ('smime', 'smime-legacy'): 'smime',
            ('ssl', 'pkcs12', 'smime'): 'all',
        })
        for i in ssl_policy.enabled['cipher']:
            for cipher_alg in cls.cipher_map.get(i, ()):
                ciphers_and_purposes.add(cipher_alg, 'ssl')
        for i in pkcs12_export_import_policy.enabled['cipher']:
            for cipher_alg in cls.cipher_map.get(i, ()):
                ciphers_and_purposes.add(cipher_alg, 'pkcs12')
        for i in pkcs12_import_policy.enabled['cipher']:
            for cipher_alg in cls.cipher_map.get(i, ()):
                ciphers_and_purposes.add(cipher_alg, 'pkcs12-legacy')
        for i in smime_export_import_policy.enabled['cipher']:
            for cipher_alg in cls.cipher_map.get(i, ()):
                ciphers_and_purposes.add(cipher_alg, 'smime')
        for i in smime_import_policy.enabled['cipher']:
            for cipher_alg in cls.cipher_map.get(i, ()):
                ciphers_and_purposes.add(cipher_alg, 'smime-legacy')
        r.extend(ciphers_and_purposes.deduplicated())

        hashes_and_purposes = PurposeDeduplicator({
            # possible uses as of 3.101:
            # ssl-key-exchange, {cert-,smime-,}signature, pkcs12{,-legacy}
            # either of cert-signature and smime-signature requires signature
            ('pkcs12', 'pkcs12-legacy'): 'pkcs12',
            ('cert-signature', 'smime-signature', 'signature'):
                'all-signature',
            ('ssl-key-exchange', 'all-signature', 'pkcs12'): 'all',
        })
        for i in ssl_policy.enabled['hash']:
            if (hash_alg := cls.hash_map.get(i)) is not None:
                hashes_and_purposes.add(hash_alg, 'ssl-key-exchange')
        for i in pkcs12_export_import_policy.enabled['hash']:
            if (hash_alg := cls.hash_map.get(i)) is not None:
                hashes_and_purposes.add(hash_alg, 'pkcs12')
        for i in pkcs12_import_policy.enabled['hash']:
            if (hash_alg := cls.hash_map.get(i)) is not None:
                hashes_and_purposes.add(hash_alg, 'pkcs12-legacy')
        # but for signature purposes, we'd better look at `sign`
        for i in ssl_policy.enabled['sign']:
            for suffix, sighashalg in cls.sign_suffix_ordmap.items():
                if i.endswith(suffix):
                    hashes_and_purposes.add(sighashalg, 'cert-signature')
                    hashes_and_purposes.add(sighashalg, 'signature')
        for i in smime_export_import_policy.enabled['sign']:
            for suffix, sighashalg in cls.sign_suffix_ordmap.items():
                if i.endswith(suffix):
                    hashes_and_purposes.add(sighashalg, 'smime-signature')
        for i in smime_import_policy.enabled['key_exchange']:
            for suffix, sighashalg in cls.sign_suffix_ordmap.items():
                if i.endswith(suffix):
                    hashes_and_purposes.add(sighashalg,
                                            'smime-signature-legacy')
        r.extend(hashes_and_purposes.deduplicated())

        kex_and_purposes = PurposeDeduplicator({
            # possible uses as of 3.101:
            # ssl-key-exchange, smime-key-exchange{,-legacy}
            ('smime-key-exchange', 'smime-key-exchange-legacy'):
                'smime-key-exchange',
            ('ssl-key-exchange', 'smime-key-exchange'): 'all',
        })
        for i in ssl_policy.enabled['key_exchange']:
            for kex_alg in cls.key_exchange_ssl_map.get(i, ()):
                kex_and_purposes.add(kex_alg, 'ssl-key-exchange')
        for i in smime_import_policy.enabled['key_exchange']:
            for kex_alg in cls.key_exchange_smime_map.get(i, ()):
                kex_and_purposes.add(kex_alg, 'smime-key-exchange-legacy')
        for i in smime_export_import_policy.enabled['key_exchange']:
            for kex_alg in cls.key_exchange_smime_map.get(i, ()):
                kex_and_purposes.add(kex_alg, 'smime-key-exchange')
        r.extend(kex_and_purposes.deduplicated())

        sigalgs_and_purposes = PurposeDeduplicator({
            # possible uses as of 3.101:
            # ssl-key-exchange, {cert-,smime-,}signature
            ('cert-signature', 'smime-signature', 'signature'):
                'all-signature',
            ('ssl-key-exchange', 'all-signature'): 'all',
        })
        for i in ssl_policy.enabled['sign']:
            for prefix, sigalg in cls.sign_prefix_ordmap.items():
                if i.startswith(prefix):
                    sigalgs_and_purposes.add(sigalg, 'ssl-key-exchange')
                    sigalgs_and_purposes.add(sigalg, 'cert-signature')
                    sigalgs_and_purposes.add(sigalg, 'signature')
        for i in smime_export_import_policy.enabled['sign']:
            for prefix, sigalg in cls.sign_prefix_ordmap.items():
                if i.startswith(prefix):
                    sigalgs_and_purposes.add(sigalg, 'smime-signature')
                    sigalgs_and_purposes.add(sigalg, 'signature')
        r.extend(sigalgs_and_purposes.deduplicated())

        # option not in Fedora yet, default to True
        no_tls_require_ems = os.getenv('NSS_NO_TLS_REQUIRE_EMS', '1') == '1'
        if ssl_policy.enums['__ems'] == 'ENFORCE' and not no_tls_require_ems:
            r.append('TLS-REQUIRE-EMS')

        if ssl_policy.min_tls_version:
            minver = cls.protocol_map[ssl_policy.min_tls_version]
            r.append('tls-version-min=' + minver)
        else:  # FIXME, preserving behaviour, but this is wrong
            r.append('tls-version-min=0')

        if ssl_policy.min_dtls_version:
            minver = cls.protocol_map[ssl_policy.min_dtls_version]
            r.append('dtls-version-min=' + minver)
        else:  # FIXME, preserving behaviour, but this is wrong
            r.append('dtls-version-min=0')

        r.append(f'DH-MIN={ssl_policy.integers["min_dh_size"]}')
        r.append(f'DSA-MIN={ssl_policy.integers["min_dsa_size"]}')
        r.append(f'RSA-MIN={ssl_policy.integers["min_rsa_size"]}')

        cfg += ':'.join(r) + '"\n'
        return cfg

    @classmethod
    def test_config(cls, config):
        # If nss-policy-check is not installed, assume the policy is valid
        nss_policy_check = shutil.which('nss-policy-check')
        if nss_policy_check is None:
            return True

        nss_path = ctypes.util.find_library('nss3')
        nss_lib = ctypes.CDLL(nss_path)

        nss_lax = os.getenv('NSS_LAX', '0') == '1'
        nss_is_lax_by_default = True
        try:
            if not nss_lib.NSS_VersionCheck(b'3.80'):
                # NSS older than 3.80 uses strict config checking.
                # 3.80 and newer ignores new keywords by default
                # and needs extra switches to be strict.
                nss_is_lax_by_default = False
        except AttributeError:
            cls.eprint('Cannot determine nss version with ctypes, '
                       'assuming >=3.80')
        options = ('-f value -f identifier'
                   if nss_is_lax_by_default and not nss_lax else '')

        fd, path = mkstemp()

        ret = 255
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(config)
            try:
                ret = call(f'{nss_policy_check} {options} {path}'
                           '>/dev/null',
                           shell=True)
            except CalledProcessError:
                cls.eprint("/usr/bin/nss-policy-check: Execution failed")
        finally:
            os.unlink(path)

        if ret == 2:
            cls.eprint("There is a warning in NSS generated policy")
            cls.eprint(f'Policy:\n{config}')
            return False
        if ret:
            cls.eprint("There is an error in NSS generated policy")
            cls.eprint(f'Policy:\n{config}')
            return False
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/openssh.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import os
import re
import subprocess
from tempfile import mkstemp

from .configgenerator import ConfigGenerator


class OpenSSHGenerator(ConfigGenerator):
    cipher_map = {
        'AES-256-GCM': 'aes256-gcm@openssh.com',
        'AES-256-CTR': 'aes256-ctr',
        'AES-192-GCM': '',  # not supported
        'AES-192-CTR': 'aes192-ctr',
        'AES-128-GCM': 'aes128-gcm@openssh.com',
        'AES-128-CTR': 'aes128-ctr',
        'CHACHA20-POLY1305': 'chacha20-poly1305@openssh.com',
        'CAMELLIA-256-GCM': '',
        'AES-256-CCM': '',
        'AES-192-CCM': '',
        'AES-128-CCM': '',
        'CAMELLIA-128-GCM': '',
        'AES-256-CBC': 'aes256-cbc',
        'AES-192-CBC': 'aes192-cbc',
        'AES-128-CBC': 'aes128-cbc',
        'CAMELLIA-256-CBC': '',
        'CAMELLIA-128-CBC': '',
        'RC4-128': '',
        'DES-CBC': '',
        'CAMELLIA-128-CTS': '',
        '3DES-CBC': '3des-cbc'
    }

    mac_map_etm = {
        'HMAC-MD5': 'hmac-md5-etm@openssh.com',
        'UMAC-64': 'umac-64-etm@openssh.com',
        'UMAC-128': 'umac-128-etm@openssh.com',
        'HMAC-SHA1': 'hmac-sha1-etm@openssh.com',
        'HMAC-SHA2-256': 'hmac-sha2-256-etm@openssh.com',
        'HMAC-SHA2-512': 'hmac-sha2-512-etm@openssh.com'
    }

    mac_map = {
        'HMAC-MD5': 'hmac-md5',
        'UMAC-64': 'umac-64@openssh.com',
        'UMAC-128': 'umac-128@openssh.com',
        'HMAC-SHA1': 'hmac-sha1',
        'HMAC-SHA2-256': 'hmac-sha2-256',
        'HMAC-SHA2-512': 'hmac-sha2-512'
    }

    kx_map = {
        ('ECDHE', 'SECP521R1', 'SHA2-512'): ('ecdh-sha2-nistp521',),
        ('ECDHE', 'SECP384R1', 'SHA2-384'): ('ecdh-sha2-nistp384',),
        ('ECDHE', 'SECP256R1', 'SHA2-256'): ('ecdh-sha2-nistp256',),
        ('ECDHE', 'X25519', 'SHA2-256'): (
            'curve25519-sha256',
            'curve25519-sha256@libssh.org',
        ),
        ('DHE', 'FFDHE-1024', 'SHA1'): ('diffie-hellman-group1-sha1',),
        ('DHE', 'FFDHE-2048', 'SHA1'): ('diffie-hellman-group14-sha1',),
        ('DHE', 'FFDHE-2048', 'SHA2-256'): ('diffie-hellman-group14-sha256',),
        ('DHE', 'FFDHE-4096', 'SHA2-512'): ('diffie-hellman-group16-sha512',),
        ('DHE', 'FFDHE-8192', 'SHA2-512'): ('diffie-hellman-group18-sha512',),
        ('SNTRUP', 'X25519', 'SHA2-512'): (
            'sntrup761x25519-sha512',
            'sntrup761x25519-sha512@openssh.com',
        ),
        ('KEM-ECDH', 'MLKEM768-X25519', 'SHA2-256'): (
            'mlkem768x25519-sha256',
        ),
        ('KEM-ECDH', 'P256-MLKEM768', 'SHA2-256'): (
            'mlkem768nistp256-sha256',
        ),
        ('KEM-ECDH', 'P384-MLKEM1024', 'SHA2-384'): (
            'mlkem1024nistp384-sha384',
        ),
    }

    gx_map = {
        ('DHE', 'SHA1'): ('diffie-hellman-group-exchange-sha1',),
        ('DHE', 'SHA2-256'): ('diffie-hellman-group-exchange-sha256',),
    }

    gss_kx_map = {
        ('DHE-GSS', 'SHA1'): ('gss-gex-sha1-',),
        ('DHE-GSS', 'FFDHE-1024', 'SHA1'): ('gss-group1-sha1-',),
        ('DHE-GSS', 'FFDHE-2048', 'SHA1'): ('gss-group14-sha1-',),
        ('DHE-GSS', 'FFDHE-2048', 'SHA2-256'): ('gss-group14-sha256-',),
        ('ECDHE-GSS', 'SECP256R1', 'SHA2-256'): ('gss-nistp256-sha256-',),
        ('ECDHE-GSS', 'X25519', 'SHA2-256'): ('gss-curve25519-sha256-',),
        ('DHE-GSS', 'FFDHE-4096', 'SHA2-512'): ('gss-group16-sha512-',),
    }

    sign_map = {
        'RSA-SHA1': 'ssh-rsa',
        'DSA-SHA1': '',  # openssh no longer recognizes it
        'RSA-SHA2-256': 'rsa-sha2-256',
        'RSA-SHA2-512': 'rsa-sha2-512',
        'ECDSA-SHA2-256': 'ecdsa-sha2-nistp256',
        'ECDSA-SHA2-256-FIDO': 'sk-ecdsa-sha2-nistp256@openssh.com',
        'ECDSA-SHA2-384': 'ecdsa-sha2-nistp384',
        'ECDSA-SHA2-512': 'ecdsa-sha2-nistp521',
        'EDDSA-ED25519': 'ssh-ed25519',
        'EDDSA-ED25519-FIDO': 'sk-ssh-ed25519@openssh.com',
    }

    sign_map_certs = {
        'RSA-SHA1': 'ssh-rsa-cert-v01@openssh.com',
        'DSA-SHA1': '',  # openssh no longer recognizes it
        'RSA-SHA2-256': 'rsa-sha2-256-cert-v01@openssh.com',
        'RSA-SHA2-512': 'rsa-sha2-512-cert-v01@openssh.com',
        'ECDSA-SHA2-256': 'ecdsa-sha2-nistp256-cert-v01@openssh.com',
        'ECDSA-SHA2-256-FIDO':
            'sk-ecdsa-sha2-nistp256-cert-v01@openssh.com',
        'ECDSA-SHA2-384': 'ecdsa-sha2-nistp384-cert-v01@openssh.com',
        'ECDSA-SHA2-512': 'ecdsa-sha2-nistp521-cert-v01@openssh.com',
        'EDDSA-ED25519': 'ssh-ed25519-cert-v01@openssh.com',
        'EDDSA-ED25519-FIDO': 'sk-ssh-ed25519-cert-v01@openssh.com',
    }

    @classmethod
    def generate_options(cls, policy, local_kx_map, local_gss_kx_map,
                         do_host_key):
        p = policy.enabled
        cfg = ''
        sep = ','

        s = ''
        for i in p['cipher']:
            try:
                s = cls.append(s, cls.cipher_map[i], sep)
            except KeyError:
                pass

        if s:
            cfg += f'Ciphers {s}\n'

        s = ''
        if policy.enums['etm'] != 'DISABLE_ETM':
            for i in p['mac']:
                try:
                    s = cls.append(s, cls.mac_map_etm[i], sep)
                except KeyError:
                    pass
        if policy.enums['etm'] != 'DISABLE_NON_ETM':
            for i in p['mac']:
                try:
                    s = cls.append(s, cls.mac_map[i], sep)
                except KeyError:
                    pass

        if s:
            cfg += f'MACs {s}\n'

        kxs = []
        gss_kxs = []
        for kx in p['key_exchange']:
            for h in p['hash']:
                if policy.integers['arbitrary_dh_groups']:
                    try:
                        kxs.extend(cls.gx_map[(kx, h)])
                    except KeyError:
                        pass
                    try:
                        gss_kxs.extend(local_gss_kx_map[(kx, h)])
                    except KeyError:
                        pass
                for g in p['group']:
                    try:
                        kxs.extend(local_kx_map[(kx, g, h)])
                    except KeyError:
                        pass
                    try:
                        gss_kxs.extend(local_gss_kx_map[(kx, g, h)])
                    except KeyError:
                        pass
        if gss_kxs:
            cfg += f'GSSAPIKexAlgorithms {",".join(gss_kxs)}\n'
        else:
            cfg += 'GSSAPIKeyExchange no\n'
        if kxs:
            cfg += f'KexAlgorithms {",".join(kxs)}\n'

        s = ''
        for i in p['sign']:
            try:
                s = cls.append(s, cls.sign_map[i], sep)
            except KeyError:
                pass
            if policy.integers['ssh_certs']:
                try:
                    s = cls.append(s, cls.sign_map_certs[i], sep)
                except KeyError:
                    pass

        if s:
            # As OpenSSH currently ignores existing known host
            # entries with this setting we cannot use it on client.
            # Otherwise we could break existing users.
            if do_host_key:
                cfg += f'HostKeyAlgorithms {s}\n'
            cfg += f'PubkeyAcceptedAlgorithms {s}\n'
            cfg += f'HostbasedAcceptedAlgorithms {s}\n'

        s = ''
        for i in p['sign']:
            try:
                s = cls.append(s, cls.sign_map[i], sep)
            except KeyError:
                pass

        if s:
            cfg += f'CASignatureAlgorithms {s}\n'

        if policy.integers['min_rsa_size'] > 0:
            cfg += f"RequiredRSASize {policy.integers['min_rsa_size']}\n"

        return cfg


class OpenSSHClientGenerator(OpenSSHGenerator):
    CONFIG_NAME = 'openssh'

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'ssh', 'openssh', 'openssh-client'})
        local_kx_map = dict(cls.kx_map)
        local_gss_kx_map = dict(cls.gss_kx_map)
        return cls.generate_options(policy, local_kx_map, local_gss_kx_map,
                                    do_host_key=False)

    @classmethod
    def test_config(cls, config):
        if os.getenv('OLD_OPENSSH') == '1':
            return True
        if not os.access('/usr/bin/ssh', os.X_OK):
            return True

        fd, path = mkstemp()

        ret = 255
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(config)
            try:
                ret = subprocess.call(f'/usr/bin/ssh -G -F {path} '
                                      'bogus654_server >/dev/null',
                                      shell=True)
            except subprocess.CalledProcessError:
                cls.eprint("/usr/bin/ssh: Execution failed")
        finally:
            os.unlink(path)

        if ret:
            cls.eprint('There is an error in OpenSSH server generated policy')
            cls.eprint(f'Policy:\n{config}')
            return False
        return True


class OpenSSHServerGenerator(OpenSSHGenerator):
    CONFIG_NAME = 'opensshserver'
    # We need to restart here,
    # since systemd needs to pick up new command line options
    RELOAD_CMD = 'systemctl try-restart sshd.service 2>/dev/null || :\n'

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'ssh', 'openssh', 'openssh-server'})
        # Difference from client, keep group1 disabled on server
        local_kx_map = dict(cls.kx_map)
        local_gss_kx_map = dict(cls.gss_kx_map)
        del local_kx_map[('DHE', 'FFDHE-1024', 'SHA1')]
        del local_gss_kx_map[('DHE-GSS', 'FFDHE-1024', 'SHA1')]
        return cls.generate_options(policy, local_kx_map, local_gss_kx_map,
                                    do_host_key=True)

    @classmethod
    def _test_setup(cls):
        _fd, path = mkstemp()
        os.unlink(path)

        ret = 255
        try:
            ret = subprocess.call('/usr/bin/ssh-keygen -t rsa -b 3072 '
                                  f'-f {path} -N "" >/dev/null',
                                  shell=True)
        except subprocess.CalledProcessError:
            cls.eprint("/usr/bin/ssh-keygen: Execution failed")

        if ret:
            cls.eprint("SSH Keygen failed when testing OpenSSH server policy")
            return ''
        return path

    @classmethod
    def _test_cleanup(cls, path):
        if path:
            os.unlink(path)

    @classmethod
    def test_config(cls, config):
        if os.getenv('OLD_OPENSSH') == '1':
            return True
        if not os.access('/usr/sbin/sshd', os.X_OK):
            return True

        host_key_filename = cls._test_setup()
        if not host_key_filename:
            return False

        fd, path = mkstemp()

        ret = 255
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(config)
            try:
                ret = subprocess.call('/usr/sbin/sshd -T '
                                      f'-h {host_key_filename} -f {path} '
                                      '>/dev/null',
                                      shell=True)
            except subprocess.CalledProcessError:
                cls.eprint("/usr/sbin/sshd: Execution failed")
        finally:
            os.unlink(path)
            cls._test_cleanup(host_key_filename)

        if ret:
            cls.eprint('There is an error in OpenSSH server generated policy')
            cls.eprint(f'Policy:\n{config}')
            return False
        return True


def _openssh_version():
    try:
        ssh_version = subprocess.run(['/usr/bin/ssh', '-V'],
                                     check=False,
                                     stderr=subprocess.PIPE).stderr.decode()
        ver = re.match(r'OpenSSH_(\d+).(\d+)p.*', ssh_version)
        if ver:
            return tuple(int(n) for n in ver.groups())
    except (FileNotFoundError, PermissionError):
        return None
    return None

crypto-policies-20251128.git19878fe/python/policygenerators/openssl.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import re
from subprocess import CalledProcessError, check_output

from .configgenerator import ConfigGenerator

RH_SHA1_SECTION = '''
[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = {}
'''

FIPS_MODULE_CONFIG = '''
[fips_sect]
tls1-prf-ems-check = {}
activate = 1
'''


class OpenSSLGenerator(ConfigGenerator):
    CONFIG_NAME = 'opensslcnf'

    cipher_not_map = {
        'AES-256-CTR': '',
        'AES-128-CTR': '',
        'AES-256-GCM': '-AES256',
        'AES-128-GCM': '-AES128',
        'AES-256-CBC': '-SHA256',
        'AES-128-CBC': '',
        'CHACHA20-POLY1305': '-CHACHA20',
        'SEED-CBC': '-SEED',
        'IDEA-CBC': '!IDEA',
        'DES-CBC': '!DES',
        'RC4-40': '',
        'DES40-CBC': '',
        '3DES-CBC': '-3DES',
        'RC4-128': '!RC4',
        'RC2-CBC': '!RC2',
        'NULL': '!eNULL:!aNULL'
    }

    cipher_notany_multimap = {
        # CBC is documented as SSL_DES, SSL_3DES, SSL_RC2, SSL_IDEA,
        # SSL_AES128, SSL_AES256,
        # SSL_CAMELLIA128, SSL_CAMELLIA256, SSL_SEED
        '-CBC': {'DES-CBC', '3DES-CBC', 'RC2-CBC', 'IDEA-CBC',
                 'AES-128-CBC', 'AES-256-CBC',
                 'CAMELLIA-128-CBC', 'CAMELLIA-256-CBC', 'SEED-CBC'},
        '-AESCCM': {'AES-128-CCM', 'AES-256-CCM'},
        '-AESGCM': {'AES-128-GCM', 'AES-256-GCM'},
    }

    key_exchange_map = {
        'RSA': 'kRSA',
        'ECDHE': 'kEECDH',
        'PSK': 'kPSK',
        'DHE-PSK': 'kDHEPSK',
        'DHE-RSA': 'kEDH',
        'DHE-DSS': '',
        'ECDHE-PSK': 'kECDHEPSK',
        'RSA-PSK': 'kRSAPSK',
        'VKO-GOST-2012': 'kGOST'
    }

    key_exchange_not_map = {
        'ANON': '',
        'DH': '',
        'ECDH': '',
        'RSA': '-kRSA',
        'ECDHE': '-kEECDH',
        'DHE-RSA': '-aRSA',
        'DHE-DSS': '-aDSS',
        'PSK': '-kPSK',
        'DHE-PSK': '-kDHEPSK',
        'ECDHE-PSK': '-kECDHEPSK',
        'RSA-PSK': '-kRSAPSK'
    }

    mac_not_map = {
        'HMAC-MD5': '!MD5',
        'HMAC-SHA1': '-SHA1'
    }

    ciphersuite_map = {
        'TLS_AES_256_GCM_SHA384': {
            'cipher': {'AES-256-GCM'},
            'hash': {'SHA2-384'},
            'protocol': {'TLS1.3', 'DTLS1.3'},
        },
        'TLS_AES_128_GCM_SHA256': {
            'cipher': {'AES-128-GCM'},
            'hash': {'SHA2-256'},
            'protocol': {'TLS1.3', 'DTLS1.3'},
        },
        'TLS_CHACHA20_POLY1305_SHA256': {
            'cipher': {'CHACHA20-POLY1305'},
            'hash': {'SHA2-256'},
            'protocol': {'TLS1.3', 'DTLS1.3'},
        },
        'TLS_AES_128_CCM_SHA256': {
            'cipher': {'AES-128-CCM'},
            'hash': {'SHA2-256'},
            'protocol': {'TLS1.3', 'DTLS1.3'},
        },
        # This one is not enableable since c-p does not expose CCM8 ciphers:
        # 'TLS_AES_128_CCM_8_SHA256': {
        #     'cipher': {'AES-128-CCM8'},  # this is not a thing in c-p
        #     'hash': {'SHA2-256'},
        #     'protocol': {'TLS1.3', 'DTLS1.3'},
        # },
        'TLS_SHA256_SHA256': {
            'cipher': {'NULL'},
            'hash': {'SHA2-256'},
            'mac': {'HMAC-SHA2-256'},
            'protocol': {'TLS1.3', 'DTLS1.3'},
        },
        'TLS_SHA384_SHA384': {
            'cipher': {'NULL'},
            'hash': {'SHA2-384'},
            'mac': {'HMAC-SHA2-384'},
            'protocol': {'TLS1.3', 'DTLS1.3'},
        },
    }

    # has to cover everything c-p has
    protocol_map = {
        'SSL3.0': 'SSLv3',
        'TLS1.0': 'TLSv1',
        'TLS1.1': 'TLSv1.1',
        'TLS1.2': 'TLSv1.2',
        'TLS1.3': 'TLSv1.3',
        'DTLS0.9': 'DTLSv0.9',
        'DTLS1.0': 'DTLSv1',
        'DTLS1.2': 'DTLSv1.2'
    }

    sign_map = {
        'RSA-SHA1': 'RSA+SHA1',
        'DSA-SHA1': 'DSA+SHA1',
        'ECDSA-SHA1': 'ECDSA+SHA1',
        'RSA-SHA2-224': 'RSA+SHA224',
        'DSA-SHA2-224': 'DSA+SHA224',
        'ECDSA-SHA2-224': 'ECDSA+SHA224',
        'RSA-SHA2-256': 'RSA+SHA256',
        'DSA-SHA2-256': 'DSA+SHA256',
        'ECDSA-SHA2-256': 'ECDSA+SHA256',
        'RSA-SHA2-384': 'RSA+SHA384',
        'DSA-SHA2-384': 'DSA+SHA384',
        'ECDSA-SHA2-384': 'ECDSA+SHA384',
        'RSA-SHA2-512': 'RSA+SHA512',
        'DSA-SHA2-512': 'DSA+SHA512',
        'ECDSA-SHA2-512': 'ECDSA+SHA512',
        'RSA-PSS-SHA2-256': 'rsa_pss_pss_sha256',
        'RSA-PSS-SHA2-384': 'rsa_pss_pss_sha384',
        'RSA-PSS-SHA2-512': 'rsa_pss_pss_sha512',
        'RSA-PSS-RSAE-SHA2-256': 'rsa_pss_rsae_sha256',
        'RSA-PSS-RSAE-SHA2-384': 'rsa_pss_rsae_sha384',
        'RSA-PSS-RSAE-SHA2-512': 'rsa_pss_rsae_sha512',
        'EDDSA-ED25519': 'ed25519',
        'EDDSA-ED448': 'ed448',
        # optional to not hard-require newer openssl version
        'ECDSA-BRAINPOOLP256-SHA2-256': '?ecdsa_brainpoolP256r1_sha256',
        'ECDSA-BRAINPOOLP384-SHA2-384': '?ecdsa_brainpoolP384r1_sha384',
        'ECDSA-BRAINPOOLP512-SHA2-512': '?ecdsa_brainpoolP512r1_sha512',
        # provider-only, so, optional (openssl#23050) + marked experimental
        'MLDSA44': '?mldsa44',
        'P256-MLDSA44': '?p256_mldsa44',
        'RSA3072-MLDSA44': '?rsa3072_mldsa44',
        'MLDSA44-PSS2048': '?mldsa44_pss2048',
        'MLDSA44-RSA2048': '?mldsa44_rsa2048',
        'MLDSA44-ED25519': '?mldsa44_ed25519',
        'MLDSA44-P256': '?mldsa44_p256',
        'MLDSA44-BP256': '?mldsa44_bp256',
        'MLDSA65': '?mldsa65',
        'P384-MLDSA65': '?p384_mldsa65',
        'MLDSA65-PSS3072': '?mldsa65_pss3072',
        'MLDSA65-RSA3072': '?mldsa65_rsa3072',
        'MLDSA65-P256': '?mldsa65_p256',
        'MLDSA65-BP256': '?mldsa65_bp256',
        'MLDSA65-ED25519': '?mldsa65_ed25519',
        'MLDSA87': '?mldsa87',
        'P521-MLDSA87': '?p521_mldsa87',
        'MLDSA87-P384': '?mldsa87_p384',
        'MLDSA87-BP384': '?mldsa87_bp384',
        'MLDSA87-ED448': '?mldsa87_ed448',
        'FALCON512': '?falcon512',
        'P256-FALCON512': '?p256_falcon512',
        'RSA3072-FALCON512': '?rsa3072_falcon512',
        'FALCONPADDED512': '?falconpadded512',
        'P256-FALCONPADDED512': '?p256_falconpadded512',
        'RSA3072-FALCONPADDED512': '?rsa3072_falconpadded512',
        'FALCON1024': '?falcon1024',
        'P521-FALCON1024': '?p521_falcon1024',
        'FALCONPADDED1024': '?falconpadded1024',
        'P521-FALCONPADDED1024': '?p521_falconpadded1024',
        'SPHINCSSHA2128FSIMPLE': '?sphincssha2128fsimple',
        'P256-SPHINCSSHA2128FSIMPLE': '?p256_sphincssha2128fsimple',
        'RSA3072-SPHINCSSHA2128FSIMPLE': '?rsa3072_sphincssha2128fsimple',
        'SPHINCSSHA2128SSIMPLE': '?sphincssha2128ssimple',
        'P256-SPHINCSSHA2128SSIMPLE': '?p256_sphincssha2128ssimple',
        'RSA3072-SPHINCSSHA2128SSIMPLE': '?rsa3072_sphincssha2128ssimple',
        'SPHINCSSHA2192FSIMPLE': '?sphincssha2192fsimple',
        'P384-SPHINCSSHA2192FSIMPLE': '?p384_sphincssha2192fsimple',
        'SPHINCSSHAKE128FSIMPLE': '?sphincsshake128fsimple',
        'P256-SPHINCSSHAKE128FSIMPLE': '?p256_sphincsshake128fsimple',
        'RSA3072-SPHINCSSHAKE128FSIMPLE': '?rsa3072_sphincsshake128fsimple',
    }

    group_pq_map = {
        # provider-only, so, optional (openssl#23050) + marked experimental
        'MLKEM512': '?mlkem512',
        'P256-MLKEM512': '?p256_mlkem512',
        'X25519-MLKEM512': '?x25519_mlkem512',
        'MLKEM768': '?mlkem768',
        'P384-MLKEM768': '?p384_mlkem768',
        'X448-MLKEM768': '?x448_mlkem768',
        'MLKEM768-X25519': '?X25519MLKEM768:?x25519_mlkem768',  # new/old name
        'P256-MLKEM768': '?SecP256r1MLKEM768:?p256_mlkem768',  # new/old name
        'MLKEM1024': '?mlkem1024',
        'P521-MLKEM1024': '?p521_mlkem1024',
        'P384-MLKEM1024': '?SecP384r1MLKEM1024:?p384_mlkem1024',  # new/old
    }

    group_classic_map = {
        'SECP224R1': 'secp224r1',
        'SECP256R1': 'secp256r1',
        'SECP384R1': 'secp384r1',
        'SECP521R1': 'secp521r1',
        'X25519': 'X25519',
        'X448': 'X448',
        'FFDHE-2048': 'ffdhe2048',
        'FFDHE-3072': 'ffdhe3072',
        'FFDHE-4096': 'ffdhe4096',
        'FFDHE-6144': 'ffdhe6144',
        'FFDHE-8192': 'ffdhe8192',
        'BRAINPOOL-P256R1': '?brainpoolP256r1tls13:brainpoolP256r1',
        'BRAINPOOL-P384R1': '?brainpoolP384r1tls13:brainpoolP384r1',
        'BRAINPOOL-P512R1': '?brainpoolP512r1tls13:brainpoolP512r1',
    }

    @classmethod
    def generate_ciphers(cls, policy):
        s = ''
        p = policy.enabled
        ip = policy.disabled
        # We cannot separate RSA strength from DH params.
        min_dh_size = policy.integers['min_dh_size']
        min_rsa_size = policy.integers['min_rsa_size']
        if min_dh_size < 1023 or min_rsa_size < 1023:
            s = cls.append(s, '@SECLEVEL=0')
        elif min_dh_size < 2048 or min_rsa_size < 2048:
            s = cls.append(s, '@SECLEVEL=1')
        elif min_dh_size < 3072 or min_rsa_size < 3072:
            s = cls.append(s, '@SECLEVEL=2')
        else:
            s = cls.append(s, '@SECLEVEL=3')

        for i in p['key_exchange']:
            try:
                s = cls.append(s, cls.key_exchange_map[i])
            except KeyError:
                pass

        for i in ip['key_exchange']:
            try:
                s = cls.append(s, cls.key_exchange_not_map[i])
            except KeyError:
                pass

        for i in ip['cipher']:
            try:
                s = cls.append(s, cls.cipher_not_map[i])
            except KeyError:
                pass

        for keyword, cipherset in cls.cipher_notany_multimap.items():
            if all(c in ip['cipher'] for c in cipherset):
                s = cls.append(s, keyword)

        for i in ip['mac']:
            try:
                s = cls.append(s, cls.mac_not_map[i])
            except KeyError:
                pass

        # These ciphers are not necessary for any
        # policy level, and only increase the attack surface.
        # FIXME! must be fixed for custom policies
        for c in ('-SHA384', '-CAMELLIA', '-ARIA', '-AESCCM8'):
            s = cls.append(s, c)

        return s

    @classmethod
    def generate_ciphersuites(cls, policy):
        s = ''
        p = policy.enabled
        # we need the output sorted by order of `cipher`
        # finer sorting nuances are currently ignored
        for c in p['cipher']:
            cipher_submap = {name: spec for name, spec
                             in cls.ciphersuite_map.items()
                             if spec['cipher'] == {c}}
            for ciphersuite_name, ciphersuite_spec in cipher_submap.items():
                if all(any(val in algvalues for val in p[algclass])
                       for algclass, algvalues in ciphersuite_spec.items()):
                    s = cls.append(s, ciphersuite_name)
        return s

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'tls', 'ssl', 'openssl'})
        p = policy.enabled
        # This includes the seclevel
        s = f'CipherString = {cls.generate_ciphers(policy)}\n'
        s += f'Ciphersuites = {cls.generate_ciphersuites(policy)}\n'

        if policy.min_tls_version:
            s += 'TLS.MinProtocol ='
            s += f' {cls.protocol_map[policy.min_tls_version]}\n'
        if policy.max_tls_version:
            s += 'TLS.MaxProtocol ='
            s += f' {cls.protocol_map[policy.max_tls_version]}\n'
        if policy.min_tls_version is None:
            s += '# Disable all TLS\n'
            s += 'TLS.MinProtocol = DTLSv1.2\n'
            s += 'TLS.MaxProtocol = DTLSv1.1\n'
        if policy.min_dtls_version:
            s += 'DTLS.MinProtocol ='
            s += f' {cls.protocol_map[policy.min_dtls_version]}\n'
        if policy.max_dtls_version:
            s += 'DTLS.MaxProtocol ='
            s += f' {cls.protocol_map[policy.max_dtls_version]}\n'
        if policy.min_dtls_version is None:
            s += '# Disable all DTLS\n'
            s += 'DTLS.MinProtocol = DTLSv1.2\n'
            s += 'DTLS.MaxProtocol = DTLSv1.1\n'

        sig_algs = [cls.sign_map[i] for i in p['sign'] if i in cls.sign_map]
        s += 'SignatureAlgorithms = ' + ':'.join(sig_algs) + '\n'

        # Separate groups into PQ and classic groups, generate them as follows:
        # `*first_pq:rest_pq/*first_classic:rest_classic`.
        # This way servers will prefer any PQ over any classic,
        # and clients will send key_shares for top priority PQ
        # and top priority classic groups
        groups_pq = [cls.group_pq_map[i] for i in p['group']
                     if i in cls.group_pq_map]
        groups_classic = [cls.group_classic_map[i] for i in p['group']
                          if i in cls.group_classic_map]
        group_classes = (
            (['*' + ':'.join(groups_pq)] if groups_pq else [])
            + (['*' + ':'.join(groups_classic)] if groups_classic else [])
        )
        s += 'Groups = ' + '/'.join(group_classes) + '\n'

        if policy.enums['__ems'] == 'RELAX':
            s += 'Options = RHNoEnforceEMSinFIPS\n'

        # default size for req key generation,
        # to be consumed when bz2349857 gets fixed
        default_rsa_size = max(policy.integers['min_rsa_size'], 2048)
        s += f'\n[req]\ndefault_bits = {default_rsa_size}\n'

        # In the future it'll be just
        # s += RH_SHA1_SECTION.format('yes' if 'SHA1' in p['hash'] else 'no')
        # but for now we slow down the roll-out and we have
        sha1_sig = not policy.integers['__openssl_block_sha1_signatures']
        s += RH_SHA1_SECTION.format('yes' if sha1_sig else 'no')

        return s

    @classmethod
    def test_config(cls, config):
        output = b''
        ciphers, = re.findall(r'^CipherString = (.*)$', config, re.MULTILINE)

        try:
            output = check_output(['openssl',  # noqa: S607
                                   'ciphers', ciphers])
        except CalledProcessError:
            cls.eprint('There is an error in openssl generated policy')
            cls.eprint(f'Policy:\n{config}')
            return False
        except OSError:
            # Ignore missing openssl
            return True
        if b'ADH' in output:
            cls.eprint('There is ADH in openssl generated policy')
            cls.eprint(f'Policy:\n{config}')
            return False
        return True


class OpenSSLFIPSGenerator(ConfigGenerator):
    CONFIG_NAME = 'openssl_fips'

    @classmethod
    def generate_config(cls, unscoped_policy):
        policy = unscoped_policy.scoped({'tls', 'ssl', 'openssl'})
        # OpenSSL EMS relaxation is special
        # in that it uses a separate FIPS module config
        # and, just in case, EMS is enforcing by default.
        # It only puts `= 0` there if it's explicitly relaxed.
        # That's the reason why `__ems` is a tri-state enum.
        return FIPS_MODULE_CONFIG.format(int(policy.enums['__ems'] != 'RELAX'))

    @classmethod
    def test_config(cls, config):  # pylint: disable=unused-argument
        return True

crypto-policies-20251128.git19878fe/python/policygenerators/sequoia.py

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2022 Red Hat, Inc.
# Copyright (c) 2022 Alexander Sosedkin

import os
import subprocess
from tempfile import mkstemp

try:
    import tomllib as toml
    toml_error = toml.TOMLDecodeError
except ModuleNotFoundError:
    import toml
    toml_error = toml.decoder.TomlDecodeError

from .configgenerator import ConfigGenerator


class SequoiaGenerator(ConfigGenerator):
    # Limitation: controls only
    # * `hash_algorithms`,
    # * `symmetric_algorithms` and
    # * partially, `asymmetric_algorithms`, deduced from `sign` and `group`

    CONFIG_NAME = 'sequoia'

    # sequoia display name to c-p name, taken from sequoia_openpgp/types/mod.rs
    hash_backwards_map = {
        'md5': 'MD5',
        'sha1': 'SHA1',
        'ripemd160': None,
        'sha224': 'SHA2-224',
        'sha256': 'SHA2-256',
        'sha384': 'SHA2-384',
        'sha512': 'SHA2-512',
        'sha3-256': 'SHA3-256',
        'sha3-512': 'SHA3-512',
    }

    symmetric_backwards_map = {
        'idea': 'IDEA-CFB',
        'tripledes': '3DES-CFB',
        'cast5': None,
        'blowfish': None,
        'aes128': 'AES-128-CFB',
        'aes192': 'AES-192-CFB',
        'aes256': 'AES-256-CFB',
        'twofish': None,
        'camellia128': 'CAMELLIA-128-CFB',
        'camellia192': 'CAMELLIA-192-CFB',
        'camellia256': 'CAMELLIA-256-CFB',
        # 'unencrypted': 'NULL',  # can't be set
    }

    asymmetric_group_backwards_map = {
        'nistp256': 'SECP256R1',
        'nistp384': 'SECP384R1',
        'nistp521': 'SECP521R1',
        'cv25519': 'X25519',
        'x25519': 'X25519',
        'x448': 'X448',
        'mlkem768-x25519': 'MLKEM768-X25519',
        'mlkem1024-x448': 'MLKEM1024-X448',
    }

    asymmetric_sign_backwards_map = {
        'ed25519': 'EDDSA-ED25519',
        'eddsa': 'EDDSA-ED25519',  # legacy Ed25519 in v4 signatures
        'ed448': 'EDDSA-ED448',
        'mldsa65-ed25519': 'MLDSA65-ED25519',
        'mldsa87-ed448': 'MLDSA87-ED448',
    }

    asymmetric_always_disabled = (
        'elgamal1024', 'elgamal2048', 'elgamal3072', 'elgamal4096',
        'brainpoolp256', 'brainpoolp512',
        # 'unknown',  # can't be set
    )

    aead_backwards_map = {
        'eax': {'AES-256-EAX', 'AES-128-EAX'},
        'ocb': {'AES-256-OCB', 'AES-128-OCB'},
        'gcm': {'AES-256-GCM', 'AES-128-GCM'},
    }

    # listing new algorithms here would let old sequoia ignore unknown values
    ignore_invalid = {
        # c-p property name -> tuple[sequoia algorithm names]
        # sequoia-openpgp 2, rpm-sequoia 1.8
        'hash': ('sha3-256', 'sha3-512'),
        'group': ('x25519', 'x448', 'mlkem768-x25519', 'mlkem1024-x448'),
        # eddsa split off from ed25519 in sequoia-openpgp 2.1
        'sign': ('ed25519', 'ed448', 'eddsa',
                 'mldsa65-ed25519', 'mldsa87-ed448'),
        'aead': ('gcm',),
    }

    @classmethod
    def _generate_ignore_invalid(cls, *kinds):
        values = [v for k in kinds for v in cls.ignore_invalid.get(k, [])]
        if values:
            values = ', '.join(f'"{v}"' for v in values)
            return f'ignore_invalid = [ {values} ]\n'
        return ''

    @classmethod
    def generate_config(cls, unscoped_policy):
        return cls._generate_config(unscoped_policy.scoped({'sequoia'}))

    @classmethod
    def _generate_config(cls, policy):
        p = policy.enabled

        cfg = '[hash_algorithms]\n'
        cfg += cls._generate_ignore_invalid('hash')
        for seqoia_name, c_p_name in cls.hash_backwards_map.items():
            v = 'always' if c_p_name in p['hash'] else 'never'
            cfg += f'{seqoia_name}.collision_resistance = "{v}"\n'
            cfg += f'{seqoia_name}.second_preimage_resistance = "{v}"\n'
        cfg += 'default_disposition = "never"\n\n'

        cfg += '[symmetric_algorithms]\n'
        cfg += cls._generate_ignore_invalid('cipher')
        for seqoia_name, c_p_name in cls.symmetric_backwards_map.items():
            v = 'always' if c_p_name in p['cipher'] else 'never'
            cfg += f'{seqoia_name} = "{v}"\n'
        cfg += 'default_disposition = "never"\n\n'

        cfg += '[asymmetric_algorithms]\n'
        cfg += cls._generate_ignore_invalid('group', 'sign')
        # ugly inference from various lists: rsa/dsa is sign + min_size
        any_rsa = any(s.startswith('RSA-') for s in p['sign'])
        any_dsa = any(s.startswith('DSA-') for s in p['sign'])
        min_rsa = policy.integers['min_rsa_size']
        for l in 1024, 2048, 3072, 4096:
            v = 'always' if l >= min_rsa and any_rsa else 'never'
            cfg += f'rsa{l} = "{v}"\n'
        min_dsa = policy.integers['min_dsa_size']
        for l in 1024, 2048, 3072, 4096:
            v = 'always' if l >= min_dsa and any_dsa else 'never'
            cfg += f'dsa{l} = "{v}"\n'
        # groups
        for seq_name, group in cls.asymmetric_group_backwards_map.items():
            v = 'always' if group in p['group'] else 'never'
            cfg += f'{seq_name} = "{v}"\n'
        # sign
        for seq_name, sign in cls.asymmetric_sign_backwards_map.items():
            v = 'always' if sign in p['sign'] else 'never'
            cfg += f'{seq_name} = "{v}"\n'
        # always disabled
        for seq_name in cls.asymmetric_always_disabled:
            cfg += f'{seq_name} = "never"\n'
        cfg += 'default_disposition = "never"\n'

        # aead algorithms
        cfg += '\n[aead_algorithms]\n'
        cfg += 'default_disposition = "never"\n'
        cfg += cls._generate_ignore_invalid('aead')
        for seq_name, c_p_names in cls.aead_backwards_map.items():
            v = 'always' if c_p_names.intersection(p['cipher']) else 'never'
            cfg += f'{seq_name} = "{v}"\n'

        return cfg

    @classmethod
    def _lint_config(cls, linter, config,
                     stricter=False, linter_missing_ok=False):
        policy_descr = 'the generated sequoia policy'
        if stricter:
            stricter_config = '\n'.join(
                l for l in config.split('\n')
                if not l.startswith('ignore_invalid = ')
            )
            if config != stricter_config:
                config = stricter_config
                policy_descr = 'a tightened sequoia policy'

        fd, path = mkstemp()
        try:
            with os.fdopen(fd, 'w') as f:
                f.write(config)
            r = subprocess.run([linter, path], check=False,
                               encoding='utf-8',
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
            cls.eprint(f'{linter} returns {r.returncode} for {policy_descr}'
                       + (f': `{r.stdout}`' if r.stdout else ''))
            if (r.returncode, r.stdout) == (0, ''):
                return True
            cls.eprint(f'There is an error in {policy_descr}')
        except FileNotFoundError:
            if linter_missing_ok:
                cls.eprint(f'{linter} not found, skipping...')
                return True
            cls.eprint(f'{linter} not found!')
        finally:
            os.unlink(path)
        return False

    @classmethod
    def test_config(cls, config):
        # check for TOML validity
        try:
            toml.loads(config)
            cls.eprint('the generated sequoia policy is valid TOML')
        except toml_error as ex:
            cls.eprint('There is a syntax error in generated sequoia policy')
            cls.eprint(f'Invalid TOML: {type(ex)} {ex}')
            cls.eprint(f'Policy:\n{config}')
            return False

        if os.getenv('OLD_SEQUOIA') == '1':
            return True

        loose = os.getenv('SEQUOIA_POLICY_CONFIG_CHECK_LOOSE')
        strict = os.getenv('SEQUOIA_POLICY_CONFIG_CHECK_STRICT')
        if loose is None and strict is None:
            return cls._lint_config('sequoia-policy-config-check', config,
                                    stricter=True, linter_missing_ok=True)
        # either variable may be set without the other
        for linter in (loose or '').split():
            if not cls._lint_config(linter, config, stricter=False):
                return False
        for linter in (strict or '').split():
            if not cls._lint_config(linter, config, stricter=True):
                return False
        return True


class RPMSequoiaGenerator(SequoiaGenerator):
    CONFIG_NAME = 'rpm-sequoia'

    @classmethod
    def generate_config(cls, unscoped_policy):
        return cls._generate_config(unscoped_policy.scoped({'rpm',
                                                            'rpm-sequoia'}))

crypto-policies-20251128.git19878fe/python/update-crypto-policies.py

#!/usr/bin/env python3

# SPDX-License-Identifier: LGPL-2.1-or-later

# Copyright (c) 2019 Red Hat, Inc.
# Copyright (c) 2019 Tomáš Mráz

import argparse
import glob
import os
import shutil
import subprocess
import sys
import warnings
from tempfile import mkdtemp, mkstemp

import cryptopolicies
import cryptopolicies.validation
import policygenerators

warnings.formatwarning = lambda msg, category, *_unused_a, **_unused_kwa: \
    f'{category.__name__}: {str(msg)[:1].upper() + str(msg)[1:]}\n'


DEFAULT_PROFILE_DIR = '/usr/share/crypto-policies'
DEFAULT_BASE_DIR = '/etc/crypto-policies'
RELOAD_CMD_NAME = 'reload-cmds.sh'
FIPS_MODE_FLAG = '/proc/sys/crypto/fips_enabled'

profile_dir = None
base_dir = None
local_dir = None
backend_config_dir = None
state_dir = None
reload_cmd_path = None


def eprint(*args, **kwargs):
    print(*args, file=sys.stderr, **kwargs)


def dir_paths(alt_base=None):
    # pylint: disable=W0603
    global profile_dir
    global base_dir
    global local_dir
    global backend_config_dir
    global state_dir
    global reload_cmd_path

    try:
        profile_dir = os.environ['profile_dir']
        cryptopolicies.UnscopedCryptoPolicy.SHARE_DIR = profile_dir
    except KeyError:
        profile_dir = DEFAULT_PROFILE_DIR

    if alt_base is not None:
        base_dir = alt_base
    else:
        try:
            base_dir = os.environ['base_dir']
            cryptopolicies.UnscopedCryptoPolicy.CONFIG_DIR = base_dir
        except KeyError:
            base_dir = DEFAULT_BASE_DIR

    local_dir = os.path.join(base_dir, 'local.d')
    backend_config_dir = os.path.join(base_dir, 'back-ends')
    state_dir = os.path.join(base_dir, 'state')
    reload_cmd_path = os.path.join(profile_dir, RELOAD_CMD_NAME)


def get_walk(path):
    # NOTE: filecmp.dircmp compares mtimes, which are irrelevant.
    # Comparing file lists and contents instead.
    old_cwd = os.getcwd()
    os.chdir(path)
    walk = os.walk('.')
    # sort not just the triplets, but the iterables inside them as well
    walk = ((root, sorted(dirs), sorted(files)) for root, dirs, files in walk)
    walk = sorted(walk)
    os.chdir(old_cwd)
    return walk


def parse_args():
    """Parse the command line"""
    parser = argparse.ArgumentParser(allow_abbrev=False)
    group = parser.add_mutually_exclusive_group()
    group.add_argument('--set', nargs='?', default='', metavar='POLICY',
                       help='set the policy POLICY')
    group.add_argument('--show', action='store_true',
                       help='show the current policy from the configuration')
    group.add_argument('--is-applied', action='store_true',
                       help='check whether the current policy is applied')
    group.add_argument('--check', action='store_true',
                       help='check whether the generated policy files '
                            'match the current policy')
    parser.add_argument('--no-check', action='store_true',
                        help=argparse.SUPPRESS)
    parser.add_argument('--no-reload', action='store_true',
                        help='do not run the reload scripts '
                             'when setting a policy')
    return parser.parse_args()


def is_applied():
    try:
        time1 = os.stat(os.path.join(state_dir, 'current')).st_mtime
        time2 = os.stat(os.path.join(base_dir, 'config')).st_mtime
        with open(os.path.join(state_dir, 'current'), encoding='utf-8') as f:
            contents1 = f.read()
        with open(os.path.join(base_dir, 'config'), encoding='utf-8') as f:
            contents2 = f.read()
    except OSError:
        sys.exit(77)
    if (time1 >= time2 and contents1 == contents2
            and not is_fips_auto_bind_mounted()):
        print("The configured policy is applied")
        sys.exit(0)
    print("The configured policy is NOT applied")
    sys.exit(1)


def check():
    orig_base_dir = base_dir
    orig_local_dir = local_dir
    orig_backend_config_dir = backend_config_dir
    orig_state_dir = state_dir

    alt_base = mkdtemp()
    dir_paths(alt_base=alt_base)

    # These are the *inputs* for generating the resulting configuration.
    shutil.copytree(src=orig_local_dir, dst=local_dir)
    shutil.copy(src=os.path.join(orig_base_dir, 'config'),
                dst=os.path.join(base_dir, 'config'))

    # generate configuration for the current policy
    # in alt_base path instead of default
    setup_directories()
    pconfig = parse_pconfig()
    apply_policy(pconfig, print_enabled=False, allow_symlinking=False)

    walk_orig_backend = get_walk(orig_backend_config_dir)
    walk_backend = get_walk(backend_config_dir)
    walk_orig_state = get_walk(orig_state_dir)
    walk_state = get_walk(state_dir)

    err = False
    if walk_orig_backend != walk_backend:
        err = True
    if walk_orig_state != walk_state:
        err = True

    _backend = orig_backend_config_dir, backend_config_dir, walk_backend
    _state = orig_state_dir, state_dir, walk_state
    for orig_prefix, tmp_prefix, walk in _backend, _state:
        for d, _, fl in walk:
            for f in fl:
                if err:
                    break
                f_orig = os.path.join(orig_prefix, d, f)
                f_tmp = os.path.join(tmp_prefix, d, f)
                with open(f_orig, 'rb') as fp1, open(f_tmp, 'rb') as fp2:
                    # inspired by Python 3.8's filecmp._do_cmp()
                    while not err:
                        b1 = fp1.read(8192)
                        b2 = fp2.read(8192)
                        if b1 != b2:
                            err = True
                        if not b1:
                            break

    shutil.rmtree(alt_base)

    if err:
        eprint("The configured policy does NOT match the generated policy")
        sys.exit(1)
    else:
        print("The configured policy matches the generated policy")
        sys.exit(0)


def setup_directories():
    try:
        os.makedirs(backend_config_dir, mode=0o755, exist_ok=True)
        os.makedirs(state_dir, mode=0o755, exist_ok=True)
    except OSError:
        pass


def fips_mode():
    try:
        with open(FIPS_MODE_FLAG, encoding='ascii') as f:
            return int(f.read()) > 0
    except OSError:
        return False


def is_mounted(whatsuffix, where):
    whatsuffix, where = whatsuffix.encode(), where.encode()
    with open('/proc/self/mountinfo', 'br') as f:
        for line in reversed(f.readlines()):
            _, _, _, what_, where_, *_ = line.split(b' ')
            if where == where_:
                return what_.endswith(whatsuffix)
    return False


def is_fips_auto_bind_mounted():
    policy_file = os.path.join(base_dir, 'config')
    backends = os.path.join(base_dir, 'back-ends')
    return (is_mounted('/crypto-policies/default-fips-config', policy_file)
            and is_mounted('/crypto-policies/back-ends/FIPS', backends))


def umount_fips_auto_bind():
    assert is_fips_auto_bind_mounted()  # noqa: S101
    policy_file = os.path.join(base_dir, 'config')
    backends = os.path.join(base_dir, 'back-ends')
    subprocess.check_call(['/bin/umount', policy_file])
    subprocess.check_call(['/bin/umount', backends])


def safe_write(directory, filename, contents):
    (fd, path) = mkstemp(prefix=filename, dir=directory)
    os.write(fd, bytes(contents, 'utf-8'))
    os.fsync(fd)
    os.fchmod(fd, 0o644)
    try:
        os.rename(path, os.path.join(directory, filename))
    except OSError:
        os.unlink(path)
        raise
    finally:
        # closed exactly once, on success and on error alike
        os.close(fd)


def safe_symlink(directory, filename, target):
    (fd, path) = mkstemp(prefix=filename, dir=directory)
    os.close(fd)
    os.unlink(path)
    os.symlink(target, path)
    try:
        os.rename(path, os.path.join(directory, filename))
    except OSError:
        os.unlink(path)
        raise


# pylint: disable=too-many-arguments, too-many-positional-arguments
def save_config(pconfig, cfgname, cfgdata, cfgdir, localdir, profiledir,
                policy_was_empty, allow_symlinking=False):
    local_cfg_path = os.path.join(localdir, cfgname + '-*.config')
    local_cfgs = sorted(glob.glob(local_cfg_path))
    local_cfg_present = False
    for lcfg in local_cfgs:
        if os.path.exists(lcfg):
            local_cfg_present = True
            break

    profilepath = os.path.join(profiledir, str(pconfig), cfgname + '.txt')
    profilepath_exists = os.access(profilepath, os.R_OK)

    if not local_cfg_present and profilepath_exists and allow_symlinking:
        safe_symlink(cfgdir, cfgname + '.config', profilepath)
        return

    if profilepath_exists and not pconfig.subpolicies and policy_was_empty:
        # special case: if the policy has no directives, has files on disk,
        # and no subpolicy is used, but local.d modifications are present,
        # we'll concatenate the externally supplied policy with local.d
        with open(profilepath, encoding='utf-8') as f_pre:
            cfgdata = f_pre.read()

    safe_write(cfgdir, cfgname + '.config', cfgdata)

    if local_cfg_present:
        cfgfile = os.path.join(cfgdir, cfgname + '.config')
        try:
            with open(cfgfile, 'a', encoding='utf-8') as cf:
                for lcfg in local_cfgs:
                    try:
                        with open(lcfg, encoding='utf-8') as lf:
                            local_data = lf.read()
                    except OSError:
                        eprint(f'Cannot read local policy file {lcfg}')
                        continue
                    try:
                        cf.write(local_data)
                    except OSError:
                        eprint('Error appending local configuration '
                               f'{lcfg} to {cfgfile}')
        except OSError:
            eprint(f'Error opening configuration {cfgfile} '
                   'for appending local configuration')
# pylint: enable=too-many-arguments


class ProfileConfig:
    def __init__(self):
        self.policy = ''
        self.subpolicies = []

    def parse_string(self, s, subpolicy=False):
        l = s.upper().split(':')
        if l[0] and not subpolicy:
            self.policy = l[0]
            l = l[1:]
        # drop empty components, e.g. from a leading or doubled ':'
        l = [i for i in l if i]
        if subpolicy:
            self.subpolicies.extend(l)
        else:
            self.subpolicies = l

    def parse_file(self, filename):
        subpolicy = False
        with open(filename, encoding='utf-8') as f:
            for line in f:
                line = line.split('#', 1)[0]
                line = line.strip()
                if line:
                    self.parse_string(line, subpolicy)
                    subpolicy = True

    def remove_subpolicies(self, s):
        l = s.upper().split(':')
        self.subpolicies = [i for i in self.subpolicies if i not in l]

    def __str__(self):
        s = self.policy
        subs = ':'.join(self.subpolicies)
        if subs:
            s = s + ':' + subs
        return s

    def show(self):
        print(str(self))


def parse_pconfig():
    pconfig = ProfileConfig()

    configfile = os.path.join(base_dir, 'config')
    if os.access(configfile, os.R_OK):
        pconfig.parse_file(configfile)
    elif fips_mode():
        pconfig.parse_string('FIPS')
    else:
        pconfig.parse_file(os.path.join(profile_dir, 'default-config'))

    return pconfig


def apply_policy(pconfig, profile=None, print_enabled=True,
                 allow_symlinking=True):
    err = 0
    set_config = False
    if profile:
        oldpolicy = pconfig.policy
        pconfig.parse_string(profile)
        set_config = True

        bootc = os.path.exists('/usr/bin/bootc')
        is_in_fips_mode = fips_mode()
        # FIPS profile is a special case
        if pconfig.policy != oldpolicy and print_enabled:
            if pconfig.policy == 'FIPS':
                if not bootc and not is_in_fips_mode:
                    eprint("Warning: Using 'update-crypto-policies --set FIPS'"
                           " is not sufficient for")
                    eprint(" FIPS compliance.")
                    eprint(" The kernel must be started with `fips=1`"
                           " for FIPS compliance.")
            elif is_in_fips_mode:
                eprint("Warning: Using 'update-crypto-policies --set' "
                       "in FIPS mode will make the system")
                eprint(" non-compliant with FIPS.")
                eprint(" It can also break ssh access to the system.")
                eprint(" Reboot without `fips=1` on the kernel command"
                       " line to disable the")
                eprint(" system FIPS mode.")

    if base_dir == DEFAULT_BASE_DIR and os.geteuid() != 0:
        eprint("You must be root to run update-crypto-policies.")
        sys.exit(1)

    try:
        ucp = cryptopolicies.UnscopedCryptoPolicy(pconfig.policy,
                                                  *pconfig.subpolicies)
    except cryptopolicies.validation.PolicyFileNotFoundError as ex:
        eprint(ex)
        sys.exit(1)
    except cryptopolicies.validation.PolicySyntaxError as ex:
        eprint(f'Errors found in policy, first one: \n{ex}')
        sys.exit(1)

    if is_fips_auto_bind_mounted():
        # System has been booted with fips=1 and either of dracut module
        # or systemd unit caught that and set up bind mounts of
        # /usr/share/crypto-policies/back-ends/FIPS/
        # -> /etc/crypto-policies/back-ends/ and
        # /usr/share/crypto-policies/default-fips-config
        # -> /etc/crypto-policies/config
        eprint("There's an automatic FIPS policy bind-mount "
               "from booting with fips=1")
        eprint(f"The information under {state_dir} might not be accurate.")
        if set_config:
            # Unset this "auto-policy" to set a proper one.
            print("Removing automatic FIPS policy bind-mount")
            umount_fips_auto_bind()
            # proceed with updating the policy
        elif glob.glob(os.path.join(local_dir, '*-*.config')):
            eprint(f"There are drop-in files under {local_dir} that will be "
                   "ignored in an automatic FIPS policy. "
                   "To make them effective, manually switch to a FIPS policy "
                   "by running `update-crypto-policies --set FIPS`.")
            # nothing to update, it's a bind-mount to pregenerated files anyway
            return err
        else:
            print("Consider switching to a permanent FIPS policy with "
                  "update-crypto-policies --set FIPS, so that "
                  f"the information under {state_dir} is accurate "
                  f"and files that might be added to {local_dir} "
                  "in the future will be in effect.")
            # nothing to update, it's a bind-mount to pregenerated files anyway
            return err

    if print_enabled:
        print("Setting system policy to " + str(pconfig))

    generators = [g for g in dir(policygenerators) if 'Generator' in g]

    for g in generators:
        cls = policygenerators.__dict__[g]
        gen = cls()
        try:
            config = gen.generate_config(ucp)
        except LookupError:
            eprint('Error generating config for ' + gen.CONFIG_NAME)
            eprint('Keeping original configuration')
            err = 1
            # nothing was generated for this back-end, so write nothing
            continue

        try:
            save_config(pconfig, gen.CONFIG_NAME, config,
                        backend_config_dir, local_dir, profile_dir,
                        policy_was_empty=ucp.is_empty(),
                        allow_symlinking=allow_symlinking)
        except OSError:
            eprint('Error saving config for ' + gen.CONFIG_NAME)
            eprint('Keeping original configuration')
            err = 1

    if set_config:
        try:
            safe_write(base_dir, 'config', str(pconfig) + '\n')
        except OSError:
            eprint('Error setting the current policy configuration')
            err = 3

    try:
        safe_write(state_dir, 'current', str(pconfig) + '\n')
    except OSError:
        eprint('Error updating current policy marker')
        err = 2

    try:
        safe_write(state_dir, 'CURRENT.pol', str(ucp))
    except OSError:
        eprint('Error updating current policy dump')
        err = 2

    if print_enabled:
        print("Note: System-wide crypto policies "
              "are applied on application start-up.")
        print("It is recommended to restart the system "
              "for the change of policies")
        print("to fully take place.")

    return err


def main():
    """The actual command implementation"""
    dir_paths()
    cmdline = parse_args()

    if cmdline.is_applied:
        is_applied()
        sys.exit(0)

    if cmdline.check:
        check()
        sys.exit(0)

    setup_directories()

    pconfig = parse_pconfig()

    if cmdline.show:
        pconfig.show()
        sys.exit(0)

    profile = cmdline.set

    err = apply_policy(pconfig, profile)

    if not cmdline.no_reload:
        subprocess.call(['/bin/bash', reload_cmd_path])

    sys.exit(err)


# Entry point
if __name__ == "__main__":
    main()

crypto-policies-20251128.git19878fe/ruff.toml

line-length = 79
preview = true

[lint]
explicit-preview-rules = true
select = [
    "ALL",
    "CPY001",  # Missing copyright notice at top of file
    "FURB101",  # read-whole-file
    "PLR6201",  # literal-membership
    "PLW1514",  # unspecified-encoding
    "FURB177",  # implicit-cwd
    "RUF022",  # unsorted-dunder-all
    "C420",  # unnecessary-dict-comprehension-for-iterable
]
ignore = [
    # conflicting rules
    "D203",  # one-blank-line-before-class (conflicting rule)
    "D213",  # multi-line-summary-second-line (conflicting rule)
    # rules that are overbearing
    "S603",  # subprocess-without-shell-equals-true
    "TRY300",  # try-consider-else
    # stuff that flares up
    "D100",  # undocumented-public-module
    "D101",  # undocumented-public-class
    "D102",  # undocumented-public-method
    "D103",  # undocumented-public-function
    "D104",  # undocumented-public-package
    "D105",  # undocumented-magic-method
    "D107",  # undocumented-public-init
]
per-file-ignores."python/**" = [
    # stuff that flares up
    "C901",  # complex-structure
    "D205",  # blank-line-after-summary
    "D212",  # multi-line-summary-first-line
    "D400",  # ends-in-period
    "D401",  # non-imperative-mood
    "D415",  # ends-in-punctuation
    "E741",  # ambiguous-variable-name: `l`
    "FBT002",  # boolean-default-value-positional-argument
    "FIX002",  # line-contains-todo
    "FURB101",  # read-whole-file
    "N806",  # non-lowercase-variable-in-function
    "PLR0912",  # too-many-branches
    "PLR0915",  # too-many-statements
    "PTH",  # flake8-use-pathlib
    "Q000",  # bad-quotes-inline-string
    "T201",  # print
    "TD002",  # missing-todo-author
    "TD003",  # missing-todo-link
]
per-file-ignores."python/policygenerators/*.py" = [
    # stuff that flares up
    "ARG003",  # unused-class-method-argument
    "COM812",  # missing-trailing-comma
    "ERA001",  # commented-out-code
    "FIX001",  # line-contains-fixme
    "ISC001",  # single-line-implicit-string-concatenation
    "PERF203",  # try-except-in-loop
    "PLR2004",  # magic-value-comparison
    "RUF012",  # mutable-class-default
    "S602",  # subprocess-popen-with-shell-equals-true
    "SIM102",  # collapsible-if
    "SIM105",  # suppressible-exception
    "TD001",  # invalid-todo-tag
    "TD004",  # missing-todo-colon
]
per-file-ignores."python/build-crypto-policies.py" = [
    "SIM102",  # collapsible-if
]
per-file-ignores."python/cryptopolicies/cryptopolicies.py" = [
    "B028",  # no-explicit-stacklevel
    "PYI024",  # collections-named-tuple
    "S101",  # Use of `assert` detected
]
per-file-ignores."python/cryptopolicies/alg_lists.py" = [
    "B028",  # no-explicit-stacklevel
    "D402",  # no-signature
]
per-file-ignores."python/update-crypto-policies.py" = [
    "PLR0913",  # too-many-arguments
    "PLW0603",  # global-statement
    "PLW2901",  # redefined-loop-name
    "SIM112",  # uncapitalized-environment-variables
]
per-file-ignores."tests/**" = [
    "INP001",  # implicit-namespace-package
    "S101",  # assert
]
per-file-ignores."tests/*.py" = [
    "CPY001",  # Missing copyright notice at top of file
    "T201",  # print
]
exclude = [ "tests/krb5check/*" ]
flake8-annotations.ignore-fully-untyped = true
flake8-quotes.inline-quotes = "single"
flake8-quotes.multiline-quotes = "single"

crypto-policies-20251128.git19878fe/tests/
crypto-policies-20251128.git19878fe/tests/alternative-policies/
crypto-policies-20251128.git19878fe/tests/alternative-policies/DEFAULT.pol

# A reasonable default for today's standards. It should provide
# 112-bit security with the exception of SHA1 signatures in DNSSec
# SHA1 is also enabled in HMAC where collision attacks do not matter.

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC)
# non-TLS Ciphers: as TLS Ciphers with added Camellia
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@krb5 = -HMAC-SHA2-384
mac@krb5 = +HMAC-SHA2-384
mac@krb5 = -HMAC-SHA1
mac@krb5 = HMAC-SHA1+

# X25519-MLKEM768 is aliased to MLKEM768-X25519
group = X25519-MLKEM768 P256-MLKEM768 P384-MLKEM1024 MLKEM1024-X448 \
        X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
        FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256

sign = MLDSA44 MLDSA65 MLDSA87 \
       ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
       ECDSA-SHA3-384 ECDSA-SHA2-384 \
       ECDSA-SHA3-512 ECDSA-SHA2-512 \
       EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
       RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
       RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
       RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
       RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
       RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
       RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
       RSA-SHA3-256 RSA-SHA2-256 \
       RSA-SHA3-384 RSA-SHA2-384 \
       RSA-SHA3-512 RSA-SHA2-512 \
       ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
       ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224
sign@*sequoia = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

tls_cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
             AES-128-GCM AES-128-CCM AES-128-CBC

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
         AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \
         CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
ssh_cipher = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR

cipher@*sequoia = AES-*-CFB AES-*-GCM AES-*-OCB AES-*-EAX CAMELLIA-*-CFB
cipher@{rpm-sequoia,sequoia} = -*-192-CFB

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = KEM-ECDH ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol = TLS1.3 TLS1.2 DTLS1.2
ike_protocol = IKEv2

min_tls_version = TLS1.2
min_dtls_version = DTLS1.2

cipher@pkcs12 = AES-256-CBC AES-128-CBC
cipher@pkcs12-import = 3DES-CBC+ RC2-CBC+
hash@pkcs12-import = SHA1+

cipher@nss-smime = AES-256-CBC AES-128-CBC 3DES-CBC
cipher@smime-import = RC2-CBC+
hash@smime = SHA1+
key_exchange@smime = *

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

# SHA1 is still prevalent in DNSSec
sha1_in_dnssec = 1

arbitrary_dh_groups = 1
ssh_certs = 1
ssh_etm = 1

# https://pagure.io/fesco/issue/2960
# "RPM must accept SHA-1 hashes and DSA keys for Fedora 38"
sign@rpm-sequoia = DSA-SHA1+
hash@rpm-sequoia = SHA1+
min_dsa_size@rpm-sequoia = 1024

crypto-policies-20251128.git19878fe/tests/alternative-policies/EMPTY.pol

# Just an empty policy for testing

mac =
group =
ssh_group =
hash =
sign =
tls_cipher =
ssh_cipher =
cipher =
key_exchange =
protocol =
ike_protocol =

min_tls_version = 0
min_dtls_version = 0

# Parameter sizes
min_dh_size = 0
min_dsa_size = 0
min_rsa_size = 0

# GnuTLS only for now
sha1_in_certs = 0

# For BIND
sha1_in_dnssec = 0

arbitrary_dh_groups = 0
ssh_certs = 0
ssh_etm = 0
crypto-policies-20251128.git19878fe/tests/alternative-policies/FEDORA42.pol000066400000000000000000000064151511230041100257240ustar00rootroot00000000000000# A reasonable default for today's standards. It should provide # 112-bit security with the exception of SHA1 signatures in DNSSec # SHA1 is also enabled in HMAC where collision attacks do not matter. # MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc) # Curves: all prime >= 255 bits (including Bernstein curves) # Signature algorithms: with SHA-256 hash or better (no DSA) # TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC) # non-TLS Ciphers: as TLS Ciphers with added Camellia # key exchange: ECDHE, RSA, DHE (no DHE-DSS) # DH params size: >= 2048 # RSA params size: >= 2048 # TLS protocols: TLS >= 1.2, DTLS >= 1.2 mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 mac@krb5 = -HMAC-SHA2-384 mac@krb5 = +HMAC-SHA2-384 mac@krb5 = -HMAC-SHA1 mac@krb5 = HMAC-SHA1+ group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 \ ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \ ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 tls_cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \ AES-128-GCM AES-128-CCM AES-128-CBC cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \ AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM 
AES-128-CCM \ CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC # CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks # and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014). ssh_cipher = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR cipher@*sequoia = AES-*-CFB AES-*-GCM AES-*-OCB AES-*-EAX CAMELLIA-*-CFB cipher@{rpm-sequoia,sequoia} = -*-192-CFB # 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have # interoperability issues in TLS. key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS protocol = TLS1.3 TLS1.2 DTLS1.2 ike_protocol = IKEv2 min_tls_version = TLS1.2 min_dtls_version = DTLS1.2 cipher@pkcs12 = AES-256-CBC AES-128-CBC cipher@pkcs12-import = 3DES-CBC+ RC2-CBC+ hash@pkcs12-import = SHA1+ cipher@nss-smime = AES-256-CBC AES-128-CBC 3DES-CBC cipher@smime-import = RC2-CBC+ hash@smime = SHA1+ key_exchange@smime = * # Parameter sizes min_dh_size = 2048 min_dsa_size = 2048 min_rsa_size = 2048 # GnuTLS only for now sha1_in_certs = 0 # SHA1 is still prevalent in DNSSec sha1_in_dnssec = 1 arbitrary_dh_groups = 1 ssh_certs = 1 ssh_etm = 1 # https://pagure.io/fesco/issue/2960 # "RPM must accept SHA-1 hashes and DSA keys for Fedora 38" sign@rpm-sequoia = DSA-SHA1+ hash@rpm-sequoia = SHA1+ min_dsa_size@rpm-sequoia = 1024 crypto-policies-20251128.git19878fe/tests/alternative-policies/FEDORA43.pol000066400000000000000000000067301511230041100257250ustar00rootroot00000000000000# A reasonable default for today's standards. It should provide # 112-bit security with the exception of SHA1 signatures in DNSSec # SHA1 is also enabled in HMAC where collision attacks do not matter. 
# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc) # Curves: all prime >= 255 bits (including Bernstein curves) # Signature algorithms: with SHA-256 hash or better (no DSA) # TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20, including AES-CBC) # non-TLS Ciphers: as TLS Ciphers with added Camellia # key exchange: ECDHE, RSA, DHE (no DHE-DSS) # DH params size: >= 2048 # RSA params size: >= 2048 # TLS protocols: TLS >= 1.2, DTLS >= 1.2 mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 mac@krb5 = -HMAC-SHA2-384 mac@krb5 = +HMAC-SHA2-384 mac@krb5 = -HMAC-SHA1 mac@krb5 = HMAC-SHA1+ group = X25519-MLKEM768 P256-MLKEM768 P384-MLKEM1024 MLKEM768-X25519 MLKEM1024-X448 \ X25519 SECP256R1 X448 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-256 sign = MLDSA44 MLDSA65 MLDSA87 \ ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 \ ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \ ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 sign@*sequoia = MLDSA65-ED25519+ MLDSA87-ED448+ # Standardized in OpenPGP tls_cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \ AES-128-GCM AES-128-CCM AES-128-CBC cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \ AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \ CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC # CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks # and disabled in client 
OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014). ssh_cipher = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-128-GCM AES-128-CTR cipher@*sequoia = AES-*-CFB AES-*-GCM AES-*-OCB AES-*-EAX CAMELLIA-*-CFB cipher@{rpm-sequoia,sequoia} = -*-192-CFB # 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have # interoperability issues in TLS. key_exchange = KEM-ECDH ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS protocol = TLS1.3 TLS1.2 DTLS1.2 ike_protocol = IKEv2 min_tls_version = TLS1.2 min_dtls_version = DTLS1.2 cipher@pkcs12 = AES-256-CBC AES-128-CBC cipher@pkcs12-import = 3DES-CBC+ RC2-CBC+ hash@pkcs12-import = SHA1+ cipher@nss-smime = AES-256-CBC AES-128-CBC 3DES-CBC cipher@smime-import = RC2-CBC+ hash@smime = SHA1+ key_exchange@smime = * # Parameter sizes min_dh_size = 2048 min_dsa_size = 2048 min_rsa_size = 2048 # GnuTLS only for now sha1_in_certs = 0 # SHA1 is still prevalent in DNSSec sha1_in_dnssec = 1 arbitrary_dh_groups = 1 ssh_certs = 1 ssh_etm = 1 # https://pagure.io/fesco/issue/2960 # "RPM must accept SHA-1 hashes and DSA keys for Fedora 38" sign@rpm-sequoia = DSA-SHA1+ hash@rpm-sequoia = SHA1+ min_dsa_size@rpm-sequoia = 1024 crypto-policies-20251128.git19878fe/tests/alternative-policies/FIPS.pol000066400000000000000000000056511511230041100253600ustar00rootroot00000000000000# Only FIPS approved or allowed algorithms. It does not provide FIPS compliance # by itself, the FIPS validated crypto modules must be properly installed # and the machine must be booted into the FIPS mode. 
# MACs: all HMAC with SHA1 or better # Curves: all prime >= 256 bits, hybrid ML-KEM # Signature algorithms: with SHA224 hash or better (no DSA), pure ML-DSA # TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, including AES-CBC) # non-TLS Ciphers: same # key exchange: ECDHE, RSA, DHE (no DHE-DSS) # DH params size: >= 2048 # RSA params size: >= 2048 # TLS protocols: TLS >= 1.2, DTLS >= 1.2 mac = AEAD HMAC-SHA2-256 HMAC-SHA1 HMAC-SHA2-384 HMAC-SHA2-512 mac@krb5 = -HMAC-SHA2-384 mac@krb5 = +HMAC-SHA2-384 mac@krb5 = -HMAC-SHA1 mac@krb5 = HMAC-SHA1+ group = X25519-MLKEM768 P256-MLKEM768 P384-MLKEM1024 \ SECP256R1 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 group@openssl = \ P256-MLKEM768 X25519-MLKEM768 P384-MLKEM1024 \ SECP256R1 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 # deprioritize X25519-MLKEM768 group@{openssh,sequoia,rpm} = -X25519-MLKEM768 hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 sign = MLDSA44 MLDSA65 MLDSA87 \ ECDSA-SHA3-256 ECDSA-SHA2-256 \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 \ ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 sign@*sequoia = MLDSA65-ED25519+ MLDSA87-ED448+ # Standardized in OpenPGP tls_cipher = AES-256-GCM AES-256-CCM \ AES-256-CBC \ AES-128-GCM AES-128-CCM \ AES-128-CBC cipher = AES-256-GCM AES-256-CCM \ AES-256-CTR AES-256-CBC \ AES-128-GCM AES-128-CCM \ AES-128-CTR AES-128-CBC # CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks # and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014). 
ssh_cipher = AES-256-GCM AES-256-CTR AES-128-GCM AES-128-CTR cipher@{RPM,sequoia} = AES-*-CFB AES-*-GCM cipher@*sequoia = -*-192-CFB key_exchange = KEM-ECDH ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK protocol = TLS1.3 TLS1.2 DTLS1.2 ike_protocol = IKEv2 cipher@{pkcs12,smime} = AES-256-CBC AES-128-CBC hash@{pkcs12,smime} = SHA*-256 SHA*-384 SHA*-512 SHA2-224 key_exchange@smime = * min_tls_version = TLS1.2 min_dtls_version = DTLS1.2 # Parameter sizes min_dh_size = 2048 min_dsa_size = 2048 min_rsa_size = 2048 # GnuTLS only for now sha1_in_certs = 0 # For BIND sha1_in_dnssec = 0 arbitrary_dh_groups = 1 ssh_certs = 1 ssh_etm = 1 __ems = ENFORCE crypto-policies-20251128.git19878fe/tests/alternative-policies/FUTURE.pol000066400000000000000000000057441511230041100256340ustar00rootroot00000000000000# A level that will provide security on a conservative level that is # believed to withstand any near-term future attacks. And also provide # some (not complete) preparation for post quantum encryption support # in form of 256 bit symmetric encryption requirement. # It provides at least an 128-bit security. This level may prevent # communication with many used systems that provide weaker security levels # (e.g., systems that use SHA-1 as signature algorithm). 
# MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc) # Curves: all prime >= 255 bits (including Bernstein curves) # Signature algorithms: with SHA-256 hash or better (no DSA) # TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers # non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers and Camellia # key exchange: ECDHE, DHE (no DHE-DSS) # DH params size: >= 3072 # RSA params size: >= 3072 # TLS protocols: TLS >= 1.2, DTLS >= 1.2 mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 mac@krb5 = -HMAC-SHA2-384 mac@krb5 = +HMAC-SHA2-384 group = X25519-MLKEM768 P256-MLKEM768 P384-MLKEM1024 MLKEM768-X25519 MLKEM1024-X448 \ X25519 SECP256R1 X448 SECP521R1 SECP384R1 \ FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 sign = MLDSA44 MLDSA65 MLDSA87 \ ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 sign@*sequoia = MLDSA65-ED25519+ MLDSA87-ED448+ # Standardized in OpenPGP tls_cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \ AES-256-CTR AES-256-CBC CAMELLIA-256-CBC \ AES-256-CFB CAMELLIA-256-CFB # CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks # and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014). 
ssh_cipher = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR cipher@{RPM,sequoia} = *-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX key_exchange = KEM-ECDH ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS protocol = TLS1.3 TLS1.2 DTLS1.2 ike_protocol = IKEv2 cipher@pkcs12 = AES-256-CBC AES-128-CBC cipher@smime = AES-256-CBC AES-128-CBC cipher@smime-import = 3DES-CBC+ key_exchange@smime = * min_tls_version = TLS1.2 min_dtls_version = DTLS1.2 # Parameter sizes min_dh_size = 3072 min_dsa_size = 3072 min_rsa_size = 3072 # GnuTLS only for now sha1_in_certs = 0 # For BIND sha1_in_dnssec = 0 arbitrary_dh_groups = 1 ssh_certs = 1 ssh_etm = 1 crypto-policies-20251128.git19878fe/tests/alternative-policies/GOST-ONLY.pol000066400000000000000000000011431511230041100261420ustar00rootroot00000000000000# Next generation GOST algorithms mac = AEAD *STREEBOG* *-OMAC *-OMAC-ACPKM *GOST* group = *GOST* hash = *GOST* *STREEBOG* sign = *GOST* cipher@TLS = GOST28147-TC26Z-CNT GOST28147-CPA-CFB MAGMA-CTR-ACPKM KUZNYECHIK-CTR-ACPKM cipher@!TLS = GOST28147-TC26Z-CNT MAGMA-CTR-ACPKM KUZNYECHIK-CTR-ACPKM GOST28147-C* key_exchange = *GOST* protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 min_tls_version = TLS1.0 # Parameter sizes # GOST ciphersuites don't use DH params. The value is set to fit SECLEVEL=2 for OpenSSL min_dh_size = 2048 min_dsa_size = 2048 min_rsa_size = 2048 # GnuTLS only for now sha1_in_certs = 0 crypto-policies-20251128.git19878fe/tests/alternative-policies/LEGACY.pol000066400000000000000000000074501511230041100255620ustar00rootroot00000000000000# Provides settings for ensuring maximum compatibility with legacy systems. # This policy is less secure and intended to be a easy way to switch system # to be compatible with older systems. # It should provide at least 64-bit security, include 3DES, but exclude RC4. 
# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc) # Curves: all prime >= 255 bits (including Bernstein curves) # Signature algorithms: with SHA-1 hash or better (DSA allowed) # TLS Ciphers: all available > 112-bit key, >= 128-bit block # (including 3DES, excluding RC4) # non-TLS Ciphers: as TLS Ciphers with added Camellia # key exchange: ECDHE, RSA, DHE # DH params size: >= 1024 # RSA params size: >= 1024 # DSA params size: >= 1024 # TLS protocols: TLS >= 1.0 DTLS >= 1.0 mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512 mac@krb5 = -HMAC-SHA2-384 mac@krb5 = +HMAC-SHA2-384 mac@krb5 = -HMAC-SHA1 mac@krb5 = HMAC-SHA1+ group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 MLKEM1024-X448 \ X25519 SECP256R1 X448 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536 ssh_group = MLKEM768-X25519 P256-MLKEM768 P384-MLKEM1024 \ X25519 SECP256R1 X448 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 \ FFDHE-1536 FFDHE-1024 hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA*-224 SHAKE-* \ SHA1 sign = MLDSA44 MLDSA65 MLDSA87 \ ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 \ ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \ ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 \ DSA-SHA2-256 DSA-SHA2-384 DSA-SHA2-512 DSA-SHA2-224 \ DSA-SHA3-256 DSA-SHA3-384 DSA-SHA3-512 \ ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1 DSA-SHA1 sign@*sequoia = MLDSA65-ED25519+ MLDSA87-ED448+ # Standardized in OpenPGP tls_cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 
AES-256-CBC \ AES-128-GCM AES-128-CCM AES-128-CBC 3DES-CBC cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \ AES-256-CTR AES-256-CBC CAMELLIA-256-CBC AES-128-GCM AES-128-CCM \ CAMELLIA-128-GCM AES-128-CTR AES-128-CBC CAMELLIA-128-CBC \ 3DES-CBC ssh_cipher = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC \ AES-128-GCM AES-128-CTR AES-128-CBC 3DES-CBC cipher@{RPM,sequoia} = AES-*-CFB AES-*-GCM AES-*-OCB AES-*-EAX CAMELLIA-*-CFB cipher@*sequoia = -*-192-CFB # 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have # interoperability issues in TLS. key_exchange = KEM-ECDH ECDHE RSA DHE DHE-RSA DHE-DSS PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS protocol = TLS1.3 TLS1.2 TLS1.1 TLS1.0 DTLS1.2 DTLS1.0 ike_protocol = IKEv2 min_tls_version = TLS1.0 min_dtls_version = DTLS1.0 cipher@pkcs* = * cipher@pkcs* = -*-GCM -CHACHA20-POLY1305 hash@pkcs* = * cipher@smime = * cipher@smime* = -*-GCM -CHACHA20-POLY1305 -CAMELLIA-* cipher@smime* = -RC4-128 -RC4-40 -DES40-CBC -SEED-CBC hash@smime* = * key_exchange@smime = * # Parameter sizes min_dh_size = 1024 min_dsa_size = 1024 min_rsa_size = 1024 # GnuTLS only for now sha1_in_certs = 1 # https://fedoraproject.org/wiki/Changes/OpenSSLDistrustSHA1SigVer __openssl_block_sha1_signatures = 0 # SHA1 is still prevalent in DNSSec sha1_in_dnssec = 1 arbitrary_dh_groups = 1 ssh_certs = 1 ssh_etm = 1 crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/000077500000000000000000000000001511230041100255445ustar00rootroot00000000000000crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/AD-SUPPORT.pmod000066400000000000000000000005131511230041100300620ustar00rootroot00000000000000# AD-SUPPORT subpolicy is intended to be used in Active Directory # environments where either accounts or trusted domain objects were not yet # migrated to AES or future encryption types. Active Directory implicitly # requires RC4 and MD5 (arcfour-hmac-md5) in Kerberos by default. 
cipher@kerberos = RC4-128+ hash@kerberos = MD5+ crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/ECDHE-ONLY.pmod000066400000000000000000000003351511230041100300150ustar00rootroot00000000000000# This is an example of a subpolicy # enforcing ECDHE and ECDHE with PSK key exchanges key_exchange = ECDHE ECDHE-PSK group = -FFDHE-1536 -FFDHE-2048 -FFDHE-3072 -FFDHE-4096 -FFDHE-6144 \ -FFDHE-8192 -FFDHE-1024 crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/GOST.pmod000066400000000000000000000007771511230041100272140ustar00rootroot00000000000000# Adds GOST algorithms. # This is an example subpolicy, the algorithm names might differ in reality. mac = +*STREEBOG-* +*-OMAC +*-OMAC-ACPKM +GOST28147* +AEAD group = +*GOST* hash = +*STREEBOG* +*GOST* sign = +*GOST* cipher@TLS = +GOST28147-TC26Z-CNT +GOST28147-CPA-CFB +MAGMA-CTR-ACPKM +KUZNYECHIK-CTR-ACPKM cipher@!TLS = +GOST28147-TC26Z-CNT +MAGMA-CTR-ACPKM +KUZNYECHIK-CTR-ACPKM +GOST28147-CPA-CFB +GOST28147-CPB-CFB +GOST28147-CPC-CFB +GOST28147-CPD-CFB +GOST28147-TC26Z-CFB key_exchange = +*GOST* crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/NO-ENFORCE-EMS.pmod000066400000000000000000000000161511230041100304370ustar00rootroot00000000000000__ems = RELAX crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/NO-PQ.pmod000066400000000000000000000025711511230041100272640ustar00rootroot00000000000000group = -P384-MLKEM1024 group = -P521-MLKEM1024 group = -MLKEM1024 group = -P256-MLKEM768 group = -X25519-MLKEM768 group = -MLKEM768-X25519 group = -MLKEM1024-X448 group = -X448-MLKEM768 group = -P384-MLKEM768 group = -MLKEM768 group = -X25519-MLKEM512 group = -P256-MLKEM512 group = -MLKEM512 sign = -RSA3072-SPHINCSSHAKE128FSIMPLE sign = -P256-SPHINCSSHAKE128FSIMPLE sign = -SPHINCSSHAKE128FSIMPLE sign = -P384-SPHINCSSHA2192FSIMPLE sign = -SPHINCSSHA2192FSIMPLE sign = -RSA3072-SPHINCSSHA2128SSIMPLE sign = -P256-SPHINCSSHA2128SSIMPLE sign = 
-SPHINCSSHA2128SSIMPLE sign = -RSA3072-SPHINCSSHA2128FSIMPLE sign = -P256-SPHINCSSHA2128FSIMPLE sign = -SPHINCSSHA2128FSIMPLE sign = -P521-FALCONPADDED1024 sign = -FALCONPADDED1024 sign = -P521-FALCON1024 sign = -FALCON1024 sign = -RSA3072-FALCONPADDED512 sign = -P256-FALCONPADDED512 sign = -FALCONPADDED512 sign = -RSA3072-FALCON512 sign = -P256-FALCON512 sign = -FALCON512 sign = -MLDSA87-ED448 sign = -MLDSA87-BP384 sign = -MLDSA87-P384 sign = -P521-MLDSA87 sign = -MLDSA87 sign = -MLDSA65-ED25519 sign = -MLDSA65-BP256 sign = -MLDSA65-P256 sign = -MLDSA65-RSA3072 sign = -MLDSA65-PSS3072 sign = -P384-MLDSA65 sign = -MLDSA65 sign = -MLDSA44-BP256 sign = -MLDSA44-P256 sign = -MLDSA44-ED25519 sign = -MLDSA44-RSA2048 sign = -MLDSA44-PSS2048 sign = -RSA3072-MLDSA44 sign = -P256-MLDSA44 sign = -MLDSA44 key_exchange = -SNTRUP key_exchange = -KEM-ECDH crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/OSPP.pmod000066400000000000000000000046131511230041100272120ustar00rootroot00000000000000# Restrict FIPS policy for the Common Criteria OSPP profile. 
# SSH (upper limit) # Ciphers: aes256-ctr, aes256-cbc, aes256-gcm@openssh.com # PubkeyAcceptedKeyTypes: rsa-sha2-256, rsa‑sha2‑512 # MACs: hmac-sha2-256, hmac-sha2-512, implicit for aes256-gcm@openssh.com # KexAlgorithms: ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512 # TLS ciphers (suggested minimal set for openssl) # * TLS_RSA_WITH_AES_128_CBC_SHA - excluded by FIPS, uses RSA key exchange # * TLS_RSA_WITH_AES_256_CBC_SHA - excluded by FIPS, uses RSA key exchange # * TLS_RSA_WITH_AES_128_CBC_SHA256 - excluded by FIPS, uses RSA key exchange # * TLS_RSA_WITH_AES_256_CBC_SHA256 - excluded by FIPS, uses RSA key exchange # * TLS_RSA_WITH_AES_128_GCM_SHA256 - excluded by FIPS, uses RSA key exchange # * TLS_RSA_WITH_AES_256_GCM_SHA384 - excluded by FIPS, uses RSA key exchange # * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128 # * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 # * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128 # * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 # * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128 # * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128 # * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself # * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 # * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128 # * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128 # * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself # * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # Supported Groups Extension in ClientHello: secp256r1, secp384r1, secp521r1 mac = -HMAC-SHA1 # see above, both SSH and TLS ended up not using it group = -X25519-MLKEM768 -P256-MLKEM768 -P384-MLKEM1024 -SECP256R1 -FFDHE-2048 hash = -SHA2-224 -SHA3-256 -SHA3-384 -SHA3-512 -SHA3-224 sign = -MLDSA44 -MLDSA65 -MLDSA87 \ -ECDSA-SHA2-224 -ECDSA-SHA2-256 -RSA-PSS-SHA2-224 -RSA-SHA2-224 # a necessary change =( cipher@!{SSH,TLS} = -AES-256-CTR -AES-128-CTR -AES-256-CCM -AES-128-CCM 
-AES-128-CBC -AES-128-GCM -AES-128-CFB ssh_cipher = -AES-256-CCM -AES-128-CCM -AES-128-GCM -AES-128-CTR tls_cipher = -AES-256-CCM -AES-128-CCM -AES-128-GCM -AES-128-CBC key_exchange = -KEM-ECDH # no KEM-ECDH, just to be sure ssh_certs = 0 etm@SSH = DISABLE_ETM protocol = -TLS1.3 min_dh_size = 3072 min_rsa_size = 3072 arbitrary_dh_groups = 0 crypto-policies-20251128.git19878fe/tests/alternative-policies/modules/TEST-PQ.pmod000066400000000000000000000025101511230041100275200ustar00rootroot00000000000000 # re-prioritizing the ones from the base policies group = -X25519-MLKEM768 -P256-MLKEM768 -P384-MLKEM1024 -MLKEM768-X25519 group = -MLKEM1024-X448 group = +*MLKEM* sign = +RSA3072-SPHINCSSHAKE128FSIMPLE sign = +P256-SPHINCSSHAKE128FSIMPLE sign = +SPHINCSSHAKE128FSIMPLE sign = +P384-SPHINCSSHA2192FSIMPLE sign = +SPHINCSSHA2192FSIMPLE sign = +RSA3072-SPHINCSSHA2128SSIMPLE sign = +P256-SPHINCSSHA2128SSIMPLE sign = +SPHINCSSHA2128SSIMPLE sign = +RSA3072-SPHINCSSHA2128FSIMPLE sign = +P256-SPHINCSSHA2128FSIMPLE sign = +SPHINCSSHA2128FSIMPLE sign = +P521-FALCONPADDED1024 sign = +FALCONPADDED1024 sign = +P521-FALCON1024 sign = +FALCON1024 sign = +RSA3072-FALCONPADDED512 sign = +P256-FALCONPADDED512 sign = +FALCONPADDED512 sign = +RSA3072-FALCON512 sign = +P256-FALCON512 sign = +FALCON512 sign = +MLDSA87-ED448 sign = +MLDSA87-BP384 sign = +MLDSA87-P384 sign = +P521-MLDSA87 sign = +MLDSA65-ED25519 sign = +MLDSA65-BP256 sign = +MLDSA65-P256 sign = +MLDSA65-RSA3072 sign = +MLDSA65-PSS3072 sign = +P384-MLDSA65 sign = +MLDSA44-BP256 sign = +MLDSA44-P256 sign = +MLDSA44-ED25519 sign = +MLDSA44-RSA2048 sign = +MLDSA44-PSS2048 sign = +RSA3072-MLDSA44 sign = +P256-MLDSA44 # re-prioritizing the ones from the base policies sign = -MLDSA44 -MLDSA65 -MLDSA87 sign = +MLDSA87 sign = +MLDSA65 sign = +MLDSA44 key_exchange = +SNTRUP key_exchange = +KEM* 
crypto-policies-20251128.git19878fe/tests/gnutls.py000077500000000000000000000023521511230041100216440ustar00rootroot00000000000000
#!/usr/bin/python3

import os
import subprocess
import sys
from pathlib import Path

if os.getenv('OLD_GNUTLS') == '1':
    print('Not checking the GnuTLS configuration')
    sys.exit(0)

print('Checking the GnuTLS configuration')

for policy_path in Path('tests', 'outputs').glob('*-gnutls.txt'):
    policy = policy_path.name.removesuffix('-gnutls.txt')
    if policy == 'GOST-ONLY':
        continue
    print(f'Checking policy {policy}')
    p = subprocess.run(['gnutls-cli', '-l'],  # noqa: S607
                       env={**os.environ,
                            'GNUTLS_DEBUG_LEVEL': '3',
                            'GNUTLS_SYSTEM_PRIORITY_FILE': policy_path,
                            'GNUTLS_SYSTEM_PRIORITY_FAIL_ON_INVALID': '1'},
                       check=False,
                       encoding='utf-8',
                       stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    if p.returncode == 0 and policy == 'EMPTY':
        print(f'Error in gnutls empty policy {policy}', file=sys.stderr)
        print(p.stdout, file=sys.stderr)
        sys.exit(1)
    elif p.returncode != 0 and policy != 'EMPTY':
        print(f'Error in gnutls policy {policy}', file=sys.stderr)
        print(p.stdout, file=sys.stderr)
        sys.exit(1)
crypto-policies-20251128.git19878fe/tests/java.py000077500000000000000000000036631511230041100212570ustar00rootroot00000000000000
#!/usr/bin/python3

import subprocess
import sys
from pathlib import Path

print('Checking the Java configuration')

subprocess.run(['javac', 'tests/java/CipherList.java'],  # noqa: S607
               check=True)

for policy_path in Path('tests', 'outputs').glob('*-java.txt'):
    policy = policy_path.name.removesuffix('-java.txt')
    print(f'Checking policy {policy}')

    # catch errors here, in this script,
    # since the -D option will ignore missing files.
    if not policy_path.exists():
        print(f'Policy file {policy_path} missing')
        sys.exit(1)

    try:
        p = subprocess.run(['java',  # noqa: S607
                            '-Djava.security.disableSystemPropertiesFile=true',
                            f'-Djava.security.properties={policy_path}',
                            '-cp', 'tests/java', 'CipherList', '-l'],
                           check=True,
                           encoding='utf-8',
                           stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
        print(f'CipherList error {e.returncode}:', file=sys.stderr)
        print(e.stdout, file=sys.stderr)
        sys.exit(1)

    out = p.stdout.rstrip()
    lines = out.split('\n')
    line_count = out.count('\n')

    if policy in {'EMPTY', 'GOST-ONLY'}:
        if line_count >= 2:  # we allow SCSV  # noqa: PLR2004
            print('Empty policy has ciphersuites!', file=sys.stderr)
            print(p.stdout, file=sys.stderr)
            sys.exit(1)
    else:
        if 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV' not in lines:
            print('Could not find TLS_EMPTY_RENEGOTIATION_INFO_SCSV '
                  f'in {policy}', file=sys.stderr)
            print(p.stdout, file=sys.stderr)
            sys.exit(1)
        if line_count <= 1:  # SCSV
            print(f'Policy {policy} has no ciphersuites!', file=sys.stderr)
            print(p.stdout, file=sys.stderr)
            sys.exit(1)
crypto-policies-20251128.git19878fe/tests/java/000077500000000000000000000000001511230041100206725ustar00rootroot00000000000000
crypto-policies-20251128.git19878fe/tests/java/CipherList.java000066400000000000000000000007031511230041100236030ustar00rootroot00000000000000
import java.net.URL;
import java.io.*;
import javax.net.ssl.*;

public class CipherList {
    public static void main(String[] args) throws Exception {
        SSLContext context = SSLContext.getDefault();
        int i;

        SSLSocketFactory sf = context.getSocketFactory();
        String[] cipherSuites = sf.getDefaultCipherSuites();

        for (i=0;i=3.80')
options = (['-f', 'value', '-f', 'identifier']
           if nss_is_lax_by_default and not nss_lax else [])

print('Checking the NSS configuration')

for policy_path in Path('tests', 'outputs').glob('*-nss.txt'):
    policy = policy_path.name.removesuffix('-nss.txt')
    print(f'Checking policy {policy}')
    if policy not in {'EMPTY', 'GOST-ONLY'}:
        try:
            p = subprocess.run(['nss-policy-check',  # noqa: S607
                                *options, policy_path],
                               check=True,
                               encoding='utf-8',
                               stdout=subprocess.PIPE,
                               stderr=subprocess.STDOUT)
        except subprocess.CalledProcessError as e:
            print(f'Error in NSS policy for {policy}', file=sys.stderr)
            print(f'NSS policy for {policy}:', file=sys.stderr)
            print(policy_path.read_text(encoding='utf-8'), file=sys.stderr)
            print(f'nss-policy-check error {e.returncode}:', file=sys.stderr)
            print(e.stdout, file=sys.stderr)
            sys.exit(1)
crypto-policies-20251128.git19878fe/tests/openssl.py000077500000000000000000000017471511230041100220220ustar00rootroot00000000000000
#!/usr/bin/python3

import re
import subprocess
import sys
from pathlib import Path

print('Checking the OpenSSL configuration')

for policy_path in Path('tests', 'outputs').glob('*-opensslcnf.txt'):
    policy = policy_path.name.removesuffix('-opensslcnf.txt')
    if policy in {'EMPTY', 'GOST-ONLY'}:
        continue
    print(f'Checking policy {policy}')
    ciphers, = re.findall(r'^CipherString = (.*)$',
                          policy_path.read_text(encoding='utf-8'),
                          re.MULTILINE)

    try:
        p = subprocess.run(['openssl', 'ciphers', ciphers],  # noqa: S607
                           check=True,
                           encoding='utf-8',
                           stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    except subprocess.CalledProcessError as e:
        print(f'openssl ciphers error {e.returncode}:', file=sys.stderr)
        print(e.stdout, file=sys.stderr)
        print(f'ciphers: {ciphers}', file=sys.stderr)
        sys.exit(1)
crypto-policies-20251128.git19878fe/tests/outputs/000077500000000000000000000000001511230041100214745ustar00rootroot00000000000000
crypto-policies-20251128.git19878fe/tests/outputs/BSI-bind.txt000066400000000000000000000001361511230041100235640ustar00rootroot00000000000000
disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; ECCGOST; }; disable-ds-digests "."
{ GOST; };
crypto-policies-20251128.git19878fe/tests/outputs/BSI-gnutls.txt000066400000000000000000000046361511230041100241750ustar00rootroot00000000000000
[global]
override-mode = allowlist

[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
tls-enabled-mac = AEAD
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = EdDSA-Ed25519
secure-sig = EdDSA-Ed448
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = EdDSA-Ed25519
secure-sig-for-cert = EdDSA-Ed448
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = SECP521R1
enabled-curve = Ed25519
enabled-curve = Ed448
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = AES-256-CBC
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = AES-128-CCM
tls-enabled-cipher = AES-128-CBC
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = DHE-RSA
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = DTLS1.2
min-verification-profile = high

[priorities]
SYSTEM=NONE
crypto-policies-20251128.git19878fe/tests/outputs/BSI-java.txt000066400000000000000000000036531511230041100236000ustar00rootroot00000000000000
jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, SHA224withRSAandMGF1, RSA keySize < 3072, DSA keySize < 3072, DH keySize < 3072, EC keySize < 256, SHA224, SHA1, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, SHA224withRSAandMGF1, RSA keySize < 3072, DSA keySize < 3072, DH keySize < 3072, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, ChaCha20-Poly1305, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacMD5
jdk.disabled.namedCurves=x25519, x448, ffdhe2048, ffdhe6144, ffdhe8192, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=
crypto-policies-20251128.git19878fe/tests/outputs/BSI-krb5.txt000066400000000000000000000001611511230041100235110ustar00rootroot00000000000000
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128
pkinit_dh_min_bits=4096
crypto-policies-20251128.git19878fe/tests/outputs/BSI-libreswan.txt000066400000000000000000000005721511230041100246420ustar00rootroot00000000000000
conn %default
	ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh15+dh16,aes128-sha2_256-dh19+dh20+dh21+dh15+dh16
	esp=aes_gcm256,aes256-sha2_512+sha2_256,aes_gcm128,aes128-sha2_256
	authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512
crypto-policies-20251128.git19878fe/tests/outputs/BSI-libssh.txt000066400000000000000000000023741511230041100241420ustar00rootroot00000000000000
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
crypto-policies-20251128.git19878fe/tests/outputs/BSI-nss.txt000066400000000000000000000011171511230041100234530ustar00rootroot00000000000000
library=p11-kit-proxy.so
name=p11-kit-proxy

library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072"
crypto-policies-20251128.git19878fe/tests/outputs/BSI-openssh.txt000066400000000000000000000030761511230041100243350ustar00rootroot00000000000000
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group16-sha512-
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 3072
crypto-policies-20251128.git19878fe/tests/outputs/BSI-opensshserver.txt000066400000000000000000000040401511230041100255540ustar00rootroot00000000000000
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-nistp256-sha256-,gss-group16-sha512-
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 3072
crypto-policies-20251128.git19878fe/tests/outputs/BSI-openssl_fips.txt000066400000000000000000000000611511230041100253510ustar00rootroot00000000000000

[fips_sect]
tls1-prf-ems-check = 1
activate = 1
crypto-policies-20251128.git19878fe/tests/outputs/BSI-opensslcnf.txt000066400000000000000000000017301511230041100250230ustar00rootroot00000000000000
CipherString = @SECLEVEL=3:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-kRSA:-aDSS:-CHACHA20:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:?ecdsa_brainpoolP256r1_sha256:?ecdsa_brainpoolP384r1_sha384:?ecdsa_brainpoolP512r1_sha512
Groups = *secp256r1:secp384r1:secp521r1:ffdhe3072:ffdhe4096:?brainpoolP512r1tls13:brainpoolP512r1:?brainpoolP384r1tls13:brainpoolP384r1:?brainpoolP256r1tls13:brainpoolP256r1

[req]
default_bits = 3072

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no
crypto-policies-20251128.git19878fe/tests/outputs/BSI-rpm-sequoia.txt000066400000000000000000000036551511230041100251230ustar00rootroot00000000000000
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "never"
mldsa87-ed448 = "never"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "always"
crypto-policies-20251128.git19878fe/tests/outputs/BSI-sequoia.txt000066400000000000000000000036551511230041100243270ustar00rootroot00000000000000
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "never"
mldsa87-ed448 = "never"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "always"
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-bind.txt000066400000000000000000000001361511230041100242330ustar00rootroot00000000000000
disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; ECCGOST; };
disable-ds-digests "."
{ GOST; };
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-gnutls.txt000066400000000000000000000064551511230041100246450ustar00rootroot00000000000000
[global]
override-mode = allowlist

[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHA224
secure-hash = SHA3-224
secure-hash = SHAKE-256
tls-enabled-mac = AEAD
tls-enabled-mac = SHA1
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768
tls-enabled-group = GROUP-SECP384R1-MLKEM1024
tls-enabled-group = GROUP-X25519
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-X448
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-FFDHE2048
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
tls-enabled-group = GROUP-FFDHE6144
tls-enabled-group = GROUP-FFDHE8192
secure-sig = ML-DSA-44
secure-sig = ML-DSA-65
secure-sig = ML-DSA-87
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = EdDSA-Ed25519
secure-sig = EdDSA-Ed448
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig = ECDSA-SHA224
secure-sig = RSA-SHA224
secure-sig = ECDSA-SHA3-224
secure-sig = RSA-SHA3-224
secure-sig-for-cert = ML-DSA-44
secure-sig-for-cert = ML-DSA-65
secure-sig-for-cert = ML-DSA-87
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = EdDSA-Ed25519
secure-sig-for-cert = EdDSA-Ed448
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
secure-sig-for-cert = ECDSA-SHA224
secure-sig-for-cert = RSA-SHA224
secure-sig-for-cert = ECDSA-SHA3-224
secure-sig-for-cert = RSA-SHA3-224
enabled-curve = X25519
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = X448
enabled-curve = SECP521R1
enabled-curve = Ed25519
enabled-curve = Ed448
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = CHACHA20-POLY1305
tls-enabled-cipher = AES-256-CBC
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = AES-128-CCM
tls-enabled-cipher = AES-128-CBC
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = RSA
tls-enabled-kx = DHE-RSA
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = DTLS1.2
min-verification-profile = medium

[priorities]
SYSTEM=NONE
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-java.txt000066400000000000000000000031361511230041100242430ustar00rootroot00000000000000
jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5
jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-krb5.txt000066400000000000000000000002631511230041100241630ustar00rootroot00000000000000
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-libreswan.txt000066400000000000000000000010361511230041100253050ustar00rootroot00000000000000
conn %default
	ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18
	esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
	authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-libssh.txt000066400000000000000000000026511511230041100246070ustar00rootroot00000000000000
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-nss.txt000066400000000000000000000016221511230041100241230ustar00rootroot00000000000000
library=p11-kit-proxy.so
name=p11-kit-proxy

library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc/pkcs12-legacy,smime:rc2/pkcs12-legacy,smime-legacy:rc2-40-cbc/pkcs12-legacy,smime-legacy:rc2-64-cbc/pkcs12-legacy,smime-legacy:rc2-128-cbc/pkcs12-legacy,smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1/pkcs12-legacy:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-openssh.txt000066400000000000000000000035351511230041100250040ustar00rootroot00000000000000
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-opensshserver.txt000066400000000000000000000044771511230041100262410ustar00rootroot00000000000000
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-openssl_fips.txt000066400000000000000000000000611511230041100260200ustar00rootroot00000000000000

[fips_sect]
tls1-prf-ems-check = 1
activate = 1
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-opensslcnf.txt000066400000000000000000000017351511230041100254770ustar00rootroot00000000000000
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

[req]
default_bits = 2048

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-rpm-sequoia.txt000066400000000000000000000037011511230041100255620ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "always" sha1.second_preimage_resistance = "always" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "always" dsa2048 = "always" dsa3072 = "always" dsa4096 = "always" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "always" mlkem1024-x448 = "always" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" 
brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT-sequoia.txt000066400000000000000000000036731511230041100247760ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "always" mlkem1024-x448 = "always" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "always" 
mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-bind.txt000066400000000000000000000001171511230041100250210ustar00rootroot00000000000000disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; }; disable-ds-digests "." { }; crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-gnutls.txt000066400000000000000000000064551511230041100254340ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHA3-256 secure-hash = SHA3-384 secure-hash = SHA3-512 secure-hash = SHA224 secure-hash = SHA3-224 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA1 tls-enabled-mac = SHA512 tls-enabled-group = GROUP-X25519-MLKEM768 tls-enabled-group = GROUP-SECP256R1-MLKEM768 tls-enabled-group = GROUP-SECP384R1-MLKEM1024 tls-enabled-group = GROUP-X25519 tls-enabled-group = GROUP-SECP256R1 tls-enabled-group = GROUP-X448 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE2048 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ML-DSA-44 secure-sig = ML-DSA-65 secure-sig = ML-DSA-87 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA256 secure-sig = ECDSA-SECP256R1-SHA256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = EdDSA-Ed25519 secure-sig = EdDSA-Ed448 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = 
RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig = ECDSA-SHA224 secure-sig = RSA-SHA224 secure-sig = ECDSA-SHA3-224 secure-sig = RSA-SHA3-224 secure-sig-for-cert = ML-DSA-44 secure-sig-for-cert = ML-DSA-65 secure-sig-for-cert = ML-DSA-87 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA256 secure-sig-for-cert = ECDSA-SECP256R1-SHA256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = EdDSA-Ed25519 secure-sig-for-cert = EdDSA-Ed448 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 secure-sig-for-cert = ECDSA-SHA3-224 secure-sig-for-cert = RSA-SHA3-224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = SECP384R1 enabled-curve = X448 enabled-curve = SECP521R1 enabled-curve = Ed25519 enabled-curve = Ed448 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = CHACHA20-POLY1305 tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA tls-enabled-kx = RSA tls-enabled-kx = DHE-RSA enabled-version = TLS1.3 enabled-version = TLS1.2 
enabled-version = DTLS1.2 min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-java.txt000066400000000000000000000031361511230041100250320ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= 
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-krb5.txt
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-libreswan.txt
conn %default
	ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18
	esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
	authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-libssh.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-nss.txt000066400000000000000000000016221511230041100247120ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL 
allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc/pkcs12-legacy,smime:rc2/pkcs12-legacy,smime-legacy:rc2-40-cbc/pkcs12-legacy,smime-legacy:rc2-64-cbc/pkcs12-legacy,smime-legacy:rc2-128-cbc/pkcs12-legacy,smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1/pkcs12-legacy:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-openssh.txt000066400000000000000000000035351511230041100255730ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 PubkeyAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-opensshserver.txt000066400000000000000000000044771511230041100270300ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms 
mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-openssl_fips.txt
[fips_sect]
tls1-prf-ems-check = 1
activate = 1

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-opensslcnf.txt
CipherString = @SECLEVEL=2:kGOST:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

[req]
default_bits = 2048

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-rpm-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "always"
sha1.second_preimage_resistance = "always"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "always" dsa2048 = "always" dsa3072 = "always" dsa4096 = "always" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "always" mlkem1024-x448 = "always" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:GOST-sequoia.txt000066400000000000000000000036731511230041100255650ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = 
"always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "always" mlkem1024-x448 = "always" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-bind.txt000066400000000000000000000001361511230041100251000ustar00rootroot00000000000000disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; ECCGOST; }; disable-ds-digests "." 
{ GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-gnutls.txt000066400000000000000000000060031511230041100254770ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHA3-256 secure-hash = SHA3-384 secure-hash = SHA3-512 secure-hash = SHA224 secure-hash = SHA3-224 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA1 tls-enabled-mac = SHA512 tls-enabled-group = GROUP-X25519 tls-enabled-group = GROUP-SECP256R1 tls-enabled-group = GROUP-X448 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE2048 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA256 secure-sig = ECDSA-SECP256R1-SHA256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = EdDSA-Ed25519 secure-sig = EdDSA-Ed448 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig = ECDSA-SHA224 secure-sig = RSA-SHA224 secure-sig = ECDSA-SHA3-224 secure-sig = RSA-SHA3-224 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA256 secure-sig-for-cert = ECDSA-SECP256R1-SHA256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = EdDSA-Ed25519 
secure-sig-for-cert = EdDSA-Ed448 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 secure-sig-for-cert = ECDSA-SHA3-224 secure-sig-for-cert = RSA-SHA3-224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = X448 enabled-curve = SECP521R1 enabled-curve = SECP384R1 enabled-curve = Ed25519 enabled-curve = Ed448 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = CHACHA20-POLY1305 tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA tls-enabled-kx = RSA tls-enabled-kx = DHE-RSA enabled-version = TLS1.3 enabled-version = TLS1.2 enabled-version = DTLS1.2 min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-java.txt000066400000000000000000000031361511230041100251100ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, 
SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-krb5.txt000066400000000000000000000002631511230041100250300ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-libreswan.txt000066400000000000000000000010361511230041100261520ustar00rootroot00000000000000conn %default ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18 esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 
authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-libssh.txt000066400000000000000000000026511511230041100254540ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-nss.txt000066400000000000000000000015451511230041100247740ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL 
allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc/pkcs12-legacy,smime:rc2/pkcs12-legacy,smime-legacy:rc2-40-cbc/pkcs12-legacy,smime-legacy:rc2-64-cbc/pkcs12-legacy,smime-legacy:rc2-128-cbc/pkcs12-legacy,smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1/pkcs12-legacy:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-openssh.txt000066400000000000000000000034261511230041100256500ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 PubkeyAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-opensshserver.txt000066400000000000000000000043701511230041100270760ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-openssl_fips.txt000066400000000000000000000000611511230041100266650ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 1 activate = 1 
crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-opensslcnf.txt
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Groups = *X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

[req]
default_bits = 2048

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-rpm-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "always"
sha1.second_preimage_resistance = "always"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "always"
dsa2048 = "always"
dsa3072 = "always"
dsa4096 = "always"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "never"
mldsa87-ed448 = "never"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:NO-PQ-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "never"
mldsa87-ed448 = "never"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-bind.txt
disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; ECCGOST; };
disable-ds-digests "."
{ GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-gnutls.txt000066400000000000000000000064551511230041100257550ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHA3-256 secure-hash = SHA3-384 secure-hash = SHA3-512 secure-hash = SHA224 secure-hash = SHA3-224 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA1 tls-enabled-mac = SHA512 tls-enabled-group = GROUP-X25519-MLKEM768 tls-enabled-group = GROUP-SECP256R1-MLKEM768 tls-enabled-group = GROUP-SECP384R1-MLKEM1024 tls-enabled-group = GROUP-X25519 tls-enabled-group = GROUP-SECP256R1 tls-enabled-group = GROUP-X448 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE2048 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ML-DSA-44 secure-sig = ML-DSA-65 secure-sig = ML-DSA-87 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA256 secure-sig = ECDSA-SECP256R1-SHA256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = EdDSA-Ed25519 secure-sig = EdDSA-Ed448 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig = ECDSA-SHA224 secure-sig = RSA-SHA224 secure-sig = ECDSA-SHA3-224 secure-sig = RSA-SHA3-224 secure-sig-for-cert = ML-DSA-44 secure-sig-for-cert = ML-DSA-65 secure-sig-for-cert = ML-DSA-87 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA256 secure-sig-for-cert = 
ECDSA-SECP256R1-SHA256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = EdDSA-Ed25519 secure-sig-for-cert = EdDSA-Ed448 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 secure-sig-for-cert = ECDSA-SHA3-224 secure-sig-for-cert = RSA-SHA3-224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = SECP384R1 enabled-curve = X448 enabled-curve = SECP521R1 enabled-curve = Ed25519 enabled-curve = Ed448 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = CHACHA20-POLY1305 tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA tls-enabled-kx = RSA tls-enabled-kx = DHE-RSA enabled-version = TLS1.3 enabled-version = TLS1.2 enabled-version = DTLS1.2 min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-java.txt000066400000000000000000000031361511230041100253530ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 
2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-krb5.txt000066400000000000000000000002631511230041100252730ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-libreswan.txt000066400000000000000000000010361511230041100264150ustar00rootroot00000000000000conn %default 
ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18 esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-libssh.txt000066400000000000000000000026511511230041100257170ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedKeyTypes 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-nss.txt000066400000000000000000000016221511230041100252330ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc/pkcs12-legacy,smime:rc2/pkcs12-legacy,smime-legacy:rc2-40-cbc/pkcs12-legacy,smime-legacy:rc2-64-cbc/pkcs12-legacy,smime-legacy:rc2-128-cbc/pkcs12-legacy,smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1/pkcs12-legacy:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-openssh.txt000066400000000000000000000036271511230041100261160ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms 
gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-opensshserver.txt000066400000000000000000000045711511230041100273440ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs 
hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-openssl_fips.txt000066400000000000000000000000611511230041100271300ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 1 activate = 1 crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-opensslcnf.txt000066400000000000000000000034611511230041100266050ustar00rootroot00000000000000CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 TLS.MinProtocol = TLSv1.2 TLS.MaxProtocol = TLSv1.3 DTLS.MinProtocol = DTLSv1.2 DTLS.MaxProtocol = DTLSv1.2 SignatureAlgorithms = 
?mldsa44:?mldsa65:?mldsa87:?p256_mldsa44:?rsa3072_mldsa44:?mldsa44_pss2048:?mldsa44_rsa2048:?mldsa44_ed25519:?mldsa44_p256:?mldsa44_bp256:?p384_mldsa65:?mldsa65_pss3072:?mldsa65_rsa3072:?mldsa65_p256:?mldsa65_bp256:?mldsa65_ed25519:?p521_mldsa87:?mldsa87_p384:?mldsa87_bp384:?mldsa87_ed448:?falcon512:?p256_falcon512:?rsa3072_falcon512:?falconpadded512:?p256_falconpadded512:?rsa3072_falconpadded512:?falcon1024:?p521_falcon1024:?falconpadded1024:?p521_falconpadded1024:?sphincssha2128fsimple:?p256_sphincssha2128fsimple:?rsa3072_sphincssha2128fsimple:?sphincssha2128ssimple:?p256_sphincssha2128ssimple:?rsa3072_sphincssha2128ssimple:?sphincssha2192fsimple:?p384_sphincssha2192fsimple:?sphincsshake128fsimple:?p256_sphincsshake128fsimple:?rsa3072_sphincsshake128fsimple:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024:?mlkem512:?x25519_mlkem512:?mlkem768:?x448_mlkem768:?p256_mlkem512:?mlkem1024:?p384_mlkem768:?p521_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 [req] default_bits = 2048 [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = no crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-rpm-sequoia.txt000066400000000000000000000037011511230041100266720ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "always" sha1.second_preimage_resistance = "always" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" 
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "always"
dsa2048 = "always"
dsa3072 = "always"
dsa4096 = "always"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/DEFAULT:TEST-PQ-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-bind.txt
disable-algorithms "."
{ RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; RSASHA256; ECDSAP256SHA256; ECDSAP384SHA384; RSASHA512; ED25519; ED448; ECCGOST; }; disable-ds-digests "." { SHA-256; SHA-384; SHA-1; GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-gnutls.txt000066400000000000000000000001571511230041100244500ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] min-verification-profile = very_weak [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-java.txt000066400000000000000000000047501511230041100240600ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA, DSA, DH, EC keySize < 256, SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512, SHA224, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA, DSA, DH, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.2, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, RSAPSK, ECDHE, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_RSA, 
DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM, ChaCha20-Poly1305, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512, HmacMD5 jdk.disabled.namedCurves=x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-krb5.txt000066400000000000000000000000441511230041100237720ustar00rootroot00000000000000[libdefaults] permitted_enctypes = crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-libreswan.txt000066400000000000000000000000161511230041100251140ustar00rootroot00000000000000conn %default crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-libssh.txt000066400000000000000000000000001511230041100244030ustar00rootroot00000000000000crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-nss.txt000066400000000000000000000002771511230041100237420ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL allow=tls-version-min=0:dtls-version-min=0:DH-MIN=0:DSA-MIN=0:RSA-MIN=0" 
crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-openssh.txt000066400000000000000000000000251511230041100246050ustar00rootroot00000000000000GSSAPIKeyExchange no crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-opensshserver.txt000066400000000000000000000000251511230041100260340ustar00rootroot00000000000000GSSAPIKeyExchange no crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-openssl_fips.txt000066400000000000000000000000611511230041100256320ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 1 activate = 1 crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-opensslcnf.txt000066400000000000000000000010461511230041100253040ustar00rootroot00000000000000CipherString = @SECLEVEL=0:-kPSK:-kDHEPSK:-kECDHEPSK:-kRSAPSK:-kEECDH:-kRSA:-aRSA:-aDSS:-AES256:-AES128:-CHACHA20:-SHA256:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-CBC:-AESCCM:-AESGCM:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = # Disable all TLS TLS.MinProtocol = DTLSv1.2 TLS.MaxProtocol = DTLSv1.1 # Disable all DTLS DTLS.MinProtocol = DTLSv1.2 DTLS.MaxProtocol = DTLSv1.1 SignatureAlgorithms = Groups = [req] default_bits = 2048 [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = no crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-rpm-sequoia.txt000066400000000000000000000036301511230041100253750ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "never" sha224.second_preimage_resistance = "never" sha256.collision_resistance = "never" sha256.second_preimage_resistance = "never" sha384.collision_resistance = "never" sha384.second_preimage_resistance = "never" sha512.collision_resistance = "never" 
sha512.second_preimage_resistance = "never" sha3-256.collision_resistance = "never" sha3-256.second_preimage_resistance = "never" sha3-512.collision_resistance = "never" sha3-512.second_preimage_resistance = "never" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "never" aes192 = "never" aes256 = "never" twofish = "never" camellia128 = "never" camellia192 = "never" camellia256 = "never" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "never" rsa3072 = "never" rsa4096 = "never" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "never" nistp384 = "never" nistp521 = "never" cv25519 = "never" x25519 = "never" x448 = "never" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "never" eddsa = "never" ed448 = "never" mldsa65-ed25519 = "never" mldsa87-ed448 = "never" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "never" ocb = "never" gcm = "never" crypto-policies-20251128.git19878fe/tests/outputs/EMPTY-sequoia.txt000066400000000000000000000036301511230041100246010ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "never" sha224.second_preimage_resistance = "never" sha256.collision_resistance = "never" sha256.second_preimage_resistance = "never" sha384.collision_resistance = 
"never" sha384.second_preimage_resistance = "never" sha512.collision_resistance = "never" sha512.second_preimage_resistance = "never" sha3-256.collision_resistance = "never" sha3-256.second_preimage_resistance = "never" sha3-512.collision_resistance = "never" sha3-512.second_preimage_resistance = "never" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "never" aes192 = "never" aes256 = "never" twofish = "never" camellia128 = "never" camellia192 = "never" camellia256 = "never" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "never" rsa3072 = "never" rsa4096 = "never" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "never" nistp384 = "never" nistp521 = "never" cv25519 = "never" x25519 = "never" x448 = "never" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "never" eddsa = "never" ed448 = "never" mldsa65-ed25519 = "never" mldsa87-ed448 = "never" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "never" ocb = "never" gcm = "never" crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-bind.txt000066400000000000000000000001361511230041100242550ustar00rootroot00000000000000disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; ECCGOST; }; disable-ds-digests "." 
{ GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-gnutls.txt000066400000000000000000000060031511230041100246540ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHA3-256 secure-hash = SHA3-384 secure-hash = SHA3-512 secure-hash = SHA224 secure-hash = SHA3-224 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA1 tls-enabled-mac = SHA512 tls-enabled-group = GROUP-X25519 tls-enabled-group = GROUP-SECP256R1 tls-enabled-group = GROUP-X448 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE2048 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA256 secure-sig = ECDSA-SECP256R1-SHA256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = EdDSA-Ed25519 secure-sig = EdDSA-Ed448 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig = ECDSA-SHA224 secure-sig = RSA-SHA224 secure-sig = ECDSA-SHA3-224 secure-sig = RSA-SHA3-224 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA256 secure-sig-for-cert = ECDSA-SECP256R1-SHA256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = EdDSA-Ed25519 secure-sig-for-cert = 
EdDSA-Ed448 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 secure-sig-for-cert = ECDSA-SHA3-224 secure-sig-for-cert = RSA-SHA3-224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = X448 enabled-curve = SECP521R1 enabled-curve = SECP384R1 enabled-curve = Ed25519 enabled-curve = Ed448 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = CHACHA20-POLY1305 tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA tls-enabled-kx = RSA tls-enabled-kx = DHE-RSA enabled-version = TLS1.3 enabled-version = TLS1.2 enabled-version = DTLS1.2 min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-java.txt000066400000000000000000000031361511230041100242650ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, 
DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-krb5.txt000066400000000000000000000002631511230041100242050ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-libreswan.txt000066400000000000000000000010361511230041100253270ustar00rootroot00000000000000conn %default ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18 esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 
authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512 crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-libssh.txt000066400000000000000000000026511511230041100246310ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-nss.txt000066400000000000000000000015451511230041100241510ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL 
allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc/pkcs12-legacy,smime:rc2/pkcs12-legacy,smime-legacy:rc2-40-cbc/pkcs12-legacy,smime-legacy:rc2-64-cbc/pkcs12-legacy,smime-legacy:rc2-128-cbc/pkcs12-legacy,smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1/pkcs12-legacy:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-openssh.txt000066400000000000000000000034261511230041100250250ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 PubkeyAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-opensshserver.txt000066400000000000000000000043701511230041100262530ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512- KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-openssl_fips.txt000066400000000000000000000000611511230041100260420ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 1 activate = 1 
crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-opensslcnf.txt000066400000000000000000000015321511230041100255140ustar00rootroot00000000000000CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 TLS.MinProtocol = TLSv1.2 TLS.MaxProtocol = TLSv1.3 DTLS.MinProtocol = DTLSv1.2 DTLS.MaxProtocol = DTLSv1.2 SignatureAlgorithms = ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Groups = *X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 [req] default_bits = 2048 [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = no crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-rpm-sequoia.txt000066400000000000000000000036751511230041100256160ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "always" sha1.second_preimage_resistance = "always" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition 
= "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "always" dsa2048 = "always" dsa3072 = "always" dsa4096 = "always" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "never" mldsa87-ed448 = "never" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/FEDORA42-sequoia.txt000066400000000000000000000036671511230041100250230ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" 
sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "never" mldsa87-ed448 = "never" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-bind.txt000066400000000000000000000001361511230041100242560ustar00rootroot00000000000000disable-algorithms "." { RSAMD5; DSA; NSEC3DSA; ECCGOST; }; disable-ds-digests "." 
{ GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-gnutls.txt000066400000000000000000000064551511230041100246700ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHA3-256 secure-hash = SHA3-384 secure-hash = SHA3-512 secure-hash = SHA224 secure-hash = SHA3-224 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA1 tls-enabled-mac = SHA512 tls-enabled-group = GROUP-X25519-MLKEM768 tls-enabled-group = GROUP-SECP256R1-MLKEM768 tls-enabled-group = GROUP-SECP384R1-MLKEM1024 tls-enabled-group = GROUP-X25519 tls-enabled-group = GROUP-SECP256R1 tls-enabled-group = GROUP-X448 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE2048 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ML-DSA-44 secure-sig = ML-DSA-65 secure-sig = ML-DSA-87 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA256 secure-sig = ECDSA-SECP256R1-SHA256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = EdDSA-Ed25519 secure-sig = EdDSA-Ed448 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig = ECDSA-SHA224 secure-sig = RSA-SHA224 secure-sig = ECDSA-SHA3-224 secure-sig = RSA-SHA3-224 secure-sig-for-cert = ML-DSA-44 secure-sig-for-cert = ML-DSA-65 secure-sig-for-cert = ML-DSA-87 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA256 secure-sig-for-cert = 
ECDSA-SECP256R1-SHA256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = EdDSA-Ed25519 secure-sig-for-cert = EdDSA-Ed448 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 secure-sig-for-cert = ECDSA-SHA3-224 secure-sig-for-cert = RSA-SHA3-224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = SECP384R1 enabled-curve = X448 enabled-curve = SECP521R1 enabled-curve = Ed25519 enabled-curve = Ed448 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = CHACHA20-POLY1305 tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA tls-enabled-kx = RSA tls-enabled-kx = DHE-RSA enabled-version = TLS1.3 enabled-version = TLS1.2 enabled-version = DTLS1.2 min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-java.txt000066400000000000000000000031361511230041100242660ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH 
keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-krb5.txt000066400000000000000000000002631511230041100242060ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-libreswan.txt000066400000000000000000000010361511230041100253300ustar00rootroot00000000000000conn %default 
    ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18
    esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
    authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-libssh.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-nss.txt
library=p11-kit-proxy.so
name=p11-kit-proxy
library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc/pkcs12-legacy,smime:rc2/pkcs12-legacy,smime-legacy:rc2-40-cbc/pkcs12-legacy,smime-legacy:rc2-64-cbc/pkcs12-legacy,smime-legacy:rc2-128-cbc/pkcs12-legacy,smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1/pkcs12-legacy:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-openssh.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-opensshserver.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-openssl_fips.txt
[fips_sect]
tls1-prf-ems-check = 1
activate = 1

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-opensslcnf.txt
CipherString = @SECLEVEL=2:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
[req]
default_bits = 2048
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-rpm-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "always"
sha1.second_preimage_resistance = "always"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"
[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"
[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "always"
dsa2048 = "always"
dsa3072 = "always"
dsa4096 = "always"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"
[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FEDORA43-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"
[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"
[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"
[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-bind.txt
disable-algorithms "." { RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; ED25519; ED448; ECCGOST; };
disable-ds-digests "." { SHA-1; GOST; };

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-gnutls.txt
[global]
override-mode = allowlist
[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA224
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHAKE-256
tls-enabled-mac = AEAD
tls-enabled-mac = SHA1
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768
tls-enabled-group = GROUP-SECP384R1-MLKEM1024
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-FFDHE2048
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
tls-enabled-group = GROUP-FFDHE6144
tls-enabled-group = GROUP-FFDHE8192
secure-sig = ML-DSA-44
secure-sig = ML-DSA-65
secure-sig = ML-DSA-87
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig = ECDSA-SHA224
secure-sig = RSA-SHA224
secure-sig-for-cert = ML-DSA-44
secure-sig-for-cert = ML-DSA-65
secure-sig-for-cert = ML-DSA-87
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
secure-sig-for-cert = ECDSA-SHA224
secure-sig-for-cert = RSA-SHA224
enabled-curve = X25519
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = SECP521R1
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = AES-256-CBC
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = AES-128-CCM
tls-enabled-cipher = AES-128-CBC
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = DHE-RSA
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = DTLS1.2
tls-session-hash = require
min-verification-profile = medium
[priorities]
SYSTEM=NONE

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-java.txt
jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, RSAPSK, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, ChaCha20-Poly1305, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5
jdk.disabled.namedCurves=x25519, x448, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-krb5.txt
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-libreswan.txt
conn %default
    ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18
    esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
    authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-libssh.txt
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-nss.txt
library=p11-kit-proxy.so
name=p11-kit-proxy
library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA3-256:SHA3-384:SHA3-512:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-openssh.txt
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
GSSAPIKeyExchange no
KexAlgorithms mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048
crypto-policies-20251128.git19878fe/tests/outputs/FIPS-opensshserver.txt
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
GSSAPIKeyExchange no
KexAlgorithms mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 2048

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-openssl_fips.txt
[fips_sect]
tls1-prf-ems-check = 1
activate = 1
crypto-policies-20251128.git19878fe/tests/outputs/FIPS-opensslcnf.txt
CipherString = @SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSAPSK:-kRSA:-aDSS:-CHACHA20:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224
Groups = *?SecP256r1MLKEM768:?p256_mlkem768:?X25519MLKEM768:?x25519_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*secp256r1:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192
[req]
default_bits = 2048
[openssl_init]
alg_section = evp_properties
[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-rpm-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"
[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"
[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "never"
eddsa = "never"
ed448 = "never"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"
[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FIPS-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"
[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"
[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "never"
eddsa = "never"
ed448 = "never"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"
[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-bind.txt
disable-algorithms "." { RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; ED25519; ED448; ECCGOST; };
disable-ds-digests "." { SHA-1; GOST; };

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-gnutls.txt
[global]
override-mode = allowlist
[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA224
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHAKE-256
tls-enabled-mac = AEAD
tls-enabled-mac = SHA1
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768
tls-enabled-group = GROUP-SECP384R1-MLKEM1024
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
secure-sig = ML-DSA-44
secure-sig = ML-DSA-65
secure-sig = ML-DSA-87
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig = ECDSA-SHA224
secure-sig = RSA-SHA224
secure-sig-for-cert = ML-DSA-44
secure-sig-for-cert = ML-DSA-65
secure-sig-for-cert = ML-DSA-87
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = SECP384R1 enabled-curve = SECP521R1 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA enabled-version = TLS1.3 enabled-version = TLS1.2 enabled-version = DTLS1.2 tls-session-hash = require min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-java.txt000066400000000000000000000036471511230041100253310ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, RSAPSK, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, 
TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, ChaCha20-Poly1305, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=x25519, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-krb5.txt000066400000000000000000000002111511230041100252330ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-libreswan.txt000066400000000000000000000005341511230041100263660ustar00rootroot00000000000000conn %default ike=aes_gcm256-sha2_512+sha2_256-dh19+dh21+dh20,aes256-sha2_512+sha2_256-dh19+dh21+dh20,aes_gcm128-sha2_512+sha2_256-dh19+dh21+dh20,aes128-sha2_256-dh19+dh21+dh20 esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512 
crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-libssh.txt000066400000000000000000000015471511230041100256710ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-nss.txt000066400000000000000000000010061511230041100251760ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA3-256:SHA3-384:SHA3-512:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-openssh.txt000066400000000000000000000020111511230041100260470ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs 
hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 GSSAPIKeyExchange no KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-opensshserver.txt000066400000000000000000000024601511230041100273060ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 GSSAPIKeyExchange no KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-openssl_fips.txt000066400000000000000000000000611511230041100270770ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 1 activate = 1 crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-opensslcnf.txt000066400000000000000000000016031511230041100265500ustar00rootroot00000000000000CipherString = @SECLEVEL=2:kEECDH:kECDHEPSK:-kPSK:-kDHEPSK:-kRSAPSK:-kRSA:-aRSA:-aDSS:-CHACHA20:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 TLS.MinProtocol = TLSv1.2 TLS.MaxProtocol = TLSv1.3 DTLS.MinProtocol = DTLSv1.2 DTLS.MaxProtocol = DTLSv1.2 SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Groups = *?SecP256r1MLKEM768:?p256_mlkem768:?X25519MLKEM768:?x25519_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*secp256r1:secp521r1:secp384r1 [req] default_bits = 2048 [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = no 
crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-rpm-sequoia.txt000066400000000000000000000036571511230041100266530ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "never" camellia192 = "never" camellia256 = "never" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "never" x25519 = "never" x448 = "never" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "never" eddsa = "never" ed448 = "never" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = 
"never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "never" ocb = "never" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/FIPS:ECDHE-ONLY-sequoia.txt000066400000000000000000000036571511230041100260570ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "never" camellia192 = "never" camellia256 = "never" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "never" x25519 = "never" x448 = "never" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "never" eddsa = "never" ed448 = "never" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = 
"never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "never" ocb = "never" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-bind.txt000066400000000000000000000002141511230041100257350ustar00rootroot00000000000000disable-algorithms "." { RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; ED25519; ED448; ECCGOST; }; disable-ds-digests "." { SHA-1; GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-gnutls.txt000066400000000000000000000055721511230041100263510ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHA224 secure-hash = SHA3-256 secure-hash = SHA3-384 secure-hash = SHA3-512 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA1 tls-enabled-mac = SHA512 tls-enabled-group = GROUP-X25519-MLKEM768 tls-enabled-group = GROUP-SECP256R1-MLKEM768 tls-enabled-group = GROUP-SECP384R1-MLKEM1024 tls-enabled-group = GROUP-SECP256R1 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE2048 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ML-DSA-44 secure-sig = ML-DSA-65 secure-sig = ML-DSA-87 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA256 secure-sig = ECDSA-SECP256R1-SHA256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 
secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig = ECDSA-SHA224 secure-sig = RSA-SHA224 secure-sig-for-cert = ML-DSA-44 secure-sig-for-cert = ML-DSA-65 secure-sig-for-cert = ML-DSA-87 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA256 secure-sig-for-cert = ECDSA-SECP256R1-SHA256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA224 secure-sig-for-cert = RSA-SHA224 enabled-curve = X25519 enabled-curve = SECP256R1 enabled-curve = SECP384R1 enabled-curve = SECP521R1 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CCM tls-enabled-cipher = AES-256-CBC tls-enabled-cipher = AES-128-GCM tls-enabled-cipher = AES-128-CCM tls-enabled-cipher = AES-128-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA tls-enabled-kx = DHE-RSA enabled-version = TLS1.3 enabled-version = TLS1.2 enabled-version = DTLS1.2 tls-session-hash = request min-verification-profile = medium [priorities] SYSTEM=NONE crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-java.txt000066400000000000000000000035471511230041100257560ustar00rootroot00000000000000jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, 
SHA256withDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA1, MD5 jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, RSAPSK, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, ChaCha20-Poly1305, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5 jdk.disabled.namedCurves=x25519, x448, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms= crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-krb5.txt000066400000000000000000000002111511230041100256610ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 
crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-libreswan.txt000066400000000000000000000006541511230041100270170ustar00rootroot00000000000000conn %default ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18,aes128-sha2_256-dh19+dh14+dh21+dh20+dh15+dh16+dh18 esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512 crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-libssh.txt000066400000000000000000000017461511230041100263200ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-nss.txt000066400000000000000000000012051511230041100256250ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB 
config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:SHA256:SHA384:SHA512:SHA224:SHA3-256:SHA3-384:SHA3-512:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048" crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-openssh.txt000066400000000000000000000022711511230041100265050ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 GSSAPIKeyExchange no KexAlgorithms mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 
crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-opensshserver.txt000066400000000000000000000027401511230041100277350ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,aes256-ctr,aes128-gcm@openssh.com,aes128-ctr MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 GSSAPIKeyExchange no KexAlgorithms mlkem768nistp256-sha256,mlkem1024nistp384-sha384,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512 RequiredRSASize 2048 crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-openssl_fips.txt000066400000000000000000000000611511230041100275250ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 0 activate = 1 
crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-opensslcnf.txt000066400000000000000000000017211511230041100271770ustar00rootroot00000000000000CipherString = @SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSAPSK:-kRSA:-aDSS:-CHACHA20:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 TLS.MinProtocol = TLSv1.2 TLS.MaxProtocol = TLSv1.3 DTLS.MinProtocol = DTLSv1.2 DTLS.MaxProtocol = DTLSv1.2 SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224 Groups = *?SecP256r1MLKEM768:?p256_mlkem768:?X25519MLKEM768:?x25519_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*secp256r1:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 Options = RHNoEnforceEMSinFIPS [req] default_bits = 2048 [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = no crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-rpm-sequoia.txt000066400000000000000000000036571511230041100273010ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" 
sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "never" camellia192 = "never" camellia256 = "never" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "never" x25519 = "never" x448 = "never" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "never" eddsa = "never" ed448 = "never" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "never" ocb = "never" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/FIPS:NO-ENFORCE-EMS-sequoia.txt000066400000000000000000000036571511230041100265050ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "never" sha1.second_preimage_resistance = "never" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" 
sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "never" camellia192 = "never" camellia256 = "never" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "never" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "never" dsa2048 = "never" dsa3072 = "never" dsa4096 = "never" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "never" x25519 = "never" x448 = "never" mlkem768-x25519 = "never" mlkem1024-x448 = "never" ed25519 = "never" eddsa = "never" ed448 = "never" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "never" ocb = "never" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-bind.txt000066400000000000000000000002351511230041100245040ustar00rootroot00000000000000disable-algorithms "." { RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; ECDSAP256SHA256; ED25519; ED448; ECCGOST; }; disable-ds-digests "." 
{ SHA-1; GOST; }; crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-gnutls.txt000066400000000000000000000037031511230041100251070ustar00rootroot00000000000000[global] override-mode = allowlist [overrides] secure-hash = SHA256 secure-hash = SHA384 secure-hash = SHA512 secure-hash = SHAKE-256 tls-enabled-mac = AEAD tls-enabled-mac = SHA512 tls-enabled-group = GROUP-SECP521R1 tls-enabled-group = GROUP-SECP384R1 tls-enabled-group = GROUP-FFDHE3072 tls-enabled-group = GROUP-FFDHE4096 tls-enabled-group = GROUP-FFDHE6144 tls-enabled-group = GROUP-FFDHE8192 secure-sig = ECDSA-SHA3-256 secure-sig = ECDSA-SHA3-384 secure-sig = ECDSA-SHA384 secure-sig = ECDSA-SECP384R1-SHA384 secure-sig = ECDSA-SHA3-512 secure-sig = ECDSA-SHA512 secure-sig = ECDSA-SECP521R1-SHA512 secure-sig = RSA-PSS-SHA256 secure-sig = RSA-PSS-SHA384 secure-sig = RSA-PSS-SHA512 secure-sig = RSA-PSS-RSAE-SHA256 secure-sig = RSA-PSS-RSAE-SHA384 secure-sig = RSA-PSS-RSAE-SHA512 secure-sig = RSA-SHA3-256 secure-sig = RSA-SHA256 secure-sig = RSA-SHA3-384 secure-sig = RSA-SHA384 secure-sig = RSA-SHA3-512 secure-sig = RSA-SHA512 secure-sig-for-cert = ECDSA-SHA3-256 secure-sig-for-cert = ECDSA-SHA3-384 secure-sig-for-cert = ECDSA-SHA384 secure-sig-for-cert = ECDSA-SECP384R1-SHA384 secure-sig-for-cert = ECDSA-SHA3-512 secure-sig-for-cert = ECDSA-SHA512 secure-sig-for-cert = ECDSA-SECP521R1-SHA512 secure-sig-for-cert = RSA-PSS-SHA256 secure-sig-for-cert = RSA-PSS-SHA384 secure-sig-for-cert = RSA-PSS-SHA512 secure-sig-for-cert = RSA-PSS-RSAE-SHA256 secure-sig-for-cert = RSA-PSS-RSAE-SHA384 secure-sig-for-cert = RSA-PSS-RSAE-SHA512 secure-sig-for-cert = RSA-SHA3-256 secure-sig-for-cert = RSA-SHA256 secure-sig-for-cert = RSA-SHA3-384 secure-sig-for-cert = RSA-SHA384 secure-sig-for-cert = RSA-SHA3-512 secure-sig-for-cert = RSA-SHA512 enabled-curve = SECP521R1 enabled-curve = SECP384R1 tls-enabled-cipher = AES-256-GCM tls-enabled-cipher = AES-256-CBC tls-enabled-kx = ECDHE-RSA tls-enabled-kx = ECDHE-ECDSA 
tls-enabled-kx = DHE-RSA
enabled-version = TLS1.2
enabled-version = DTLS1.2
tls-session-hash = require
min-verification-profile = high

[priorities]
SYSTEM=NONE

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-java.txt

jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withDSA, SHA256withECDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, RSA keySize < 3072, DSA keySize < 2048, DH keySize < 3072, EC keySize < 256, SHA3_256, SHA3_384, SHA3_512, SHA224, SHA1, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withDSA, SHA256withECDSA, SHA384withDSA, SHA512withDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, RSA keySize < 3072, DSA keySize < 2048, DH keySize < 3072, EC keySize < 256, include jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, RSAPSK, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_CCM, AES_128_GCM, AES_128_CCM, ChaCha20-Poly1305, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacMD5
jdk.disabled.namedCurves=x25519, secp256r1, x448, ffdhe2048, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1,
sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-krb5.txt

[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192
pkinit_dh_min_bits=4096

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-libreswan.txt

conn %default
	ike=aes_gcm256-sha2_512+sha2_256-dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh21+dh20+dh15+dh16+dh18
	esp=aes_gcm256,aes256-sha2_512+sha2_256
	authby=ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-libssh.txt

Ciphers aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-nss.txt

library=p11-kit-proxy.so
name=p11-kit-proxy

library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL
allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:SECP521R1:SECP384R1:aes256-gcm/ssl:aes256-cbc:SHA256:SHA384:SHA512:SHA3-256/all-signature:SHA3-384/all-signature:SHA3-512/all-signature:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ECDSA:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=2048:RSA-MIN=3072"

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-openssh.txt

Ciphers aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
GSSAPIKeyExchange no
KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
CASignatureAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 3072

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-opensshserver.txt

Ciphers aes256-gcm@openssh.com,aes256-ctr
MACs hmac-sha2-256,hmac-sha2-512
GSSAPIKeyExchange no
KexAlgorithms ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
CASignatureAlgorithms ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 3072

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-openssl_fips.txt

[fips_sect]
tls1-prf-ems-check = 1
activate = 1

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-opensslcnf.txt

CipherString = @SECLEVEL=3:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSAPSK:-kRSA:-aDSS:-AES128:-CHACHA20:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-AESCCM:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites =
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.2
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ECDSA+SHA384:ECDSA+SHA512:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Groups = *secp521r1:secp384r1:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

[req]
default_bits = 3072

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-rpm-sequoia.txt

[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "never"
sha3-256.second_preimage_resistance = "never"
sha3-512.collision_resistance = "never"
sha3-512.second_preimage_resistance = "never"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "never"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "never"
nistp384 = "always"
nistp521 = "always"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "never"
eddsa = "never"
ed448 = "never"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FIPS:OSPP-sequoia.txt

[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "never"
sha3-256.second_preimage_resistance = "never"
sha3-512.collision_resistance = "never"
sha3-512.second_preimage_resistance = "never"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "never"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "never"
nistp384 = "always"
nistp521 = "always"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "never"
eddsa = "never"
ed448 = "never"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-bind.txt

disable-algorithms "." { RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; ECCGOST; };
disable-ds-digests "."
{ SHA-1; GOST; };

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-gnutls.txt

[global]
override-mode = allowlist

[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHAKE-256
tls-enabled-mac = AEAD
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768
tls-enabled-group = GROUP-SECP384R1-MLKEM1024
tls-enabled-group = GROUP-X25519
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-X448
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
tls-enabled-group = GROUP-FFDHE6144
tls-enabled-group = GROUP-FFDHE8192
secure-sig = ML-DSA-44
secure-sig = ML-DSA-65
secure-sig = ML-DSA-87
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = EdDSA-Ed25519
secure-sig = EdDSA-Ed448
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig-for-cert = ML-DSA-44
secure-sig-for-cert = ML-DSA-65
secure-sig-for-cert = ML-DSA-87
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = EdDSA-Ed25519
secure-sig-for-cert = EdDSA-Ed448
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
enabled-curve = X25519
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = X448
enabled-curve = SECP521R1
enabled-curve = Ed25519
enabled-curve = Ed448
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = CHACHA20-POLY1305
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = DHE-RSA
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = DTLS1.2
min-verification-profile = high

[priorities]
SYSTEM=NONE

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-java.txt

jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, SHA224withRSAandMGF1, RSA keySize < 3072, DSA keySize < 3072, DH keySize < 3072, EC keySize < 256, SHA224, SHA1, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withDSA, SHA384withDSA, SHA512withDSA, SHA1withRSAandMGF1, SHA224withRSAandMGF1, RSA keySize < 3072, DSA keySize < 3072, DH keySize < 3072, EC keySize < 256, include
jdk.disabled.namedCurves, TLSv1.1, TLSv1, SSLv3, SSLv2, DTLSv1.0, RSAPSK, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_128_GCM, AES_128_CCM, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacMD5
jdk.disabled.namedCurves=ffdhe2048, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-krb5.txt

[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 camellia256-cts-cmac
pkinit_dh_min_bits=4096

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-libreswan.txt

conn %default
	ike=aes_gcm256-sha2_512+sha2_256-dh19+dh31+dh21+dh20+dh15+dh16+dh18,chacha20_poly1305-sha2_512+sha2_256-dh19+dh31+dh21+dh20+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh31+dh21+dh20+dh15+dh16+dh18
	esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha2_256
	authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-libssh.txt

Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-nss.txt

library=p11-kit-proxy.so
name=p11-kit-proxy

library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL
allow=HMAC-SHA256:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc/pkcs12,smime:aes128-cbc/pkcs12,smime:des-ede3-cbc/smime-legacy:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=3072:DSA-MIN=3072:RSA-MIN=3072"

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-openssh.txt

Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
MACs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 3072

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-opensshserver.txt

Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
MACs hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group16-sha512-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
PubkeyAcceptedAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512
RequiredRSASize 3072

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-openssl_fips.txt

[fips_sect]
tls1-prf-ems-check = 1
activate = 1

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-opensslcnf.txt

CipherString = @SECLEVEL=3:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSAPSK:-kRSA:-aDSS:-AES128:-SHA256:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-CBC:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
TLS.MinProtocol = TLSv1.2
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms =
?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512
Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

[req]
default_bits = 3072

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-rpm-sequoia.txt

[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "never"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/FUTURE-sequoia.txt

[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "never"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-bind.txt

disable-algorithms "." { RSAMD5; RSASHA1; NSEC3RSASHA1; DSA; NSEC3DSA; RSASHA256; ECDSAP256SHA256; ECDSAP384SHA384; RSASHA512; ED25519; ED448; };
disable-ds-digests "."
{ SHA-256; SHA-384; SHA-1; };

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-gnutls.txt

[global]
override-mode = allowlist

[overrides]
tls-enabled-mac = AEAD
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = TLS1.1
enabled-version = TLS1.0
min-verification-profile = medium

[priorities]
SYSTEM=NONE

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-java.txt

jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, SHA256, SHA384, SHA512, SHA3_256, SHA3_384, SHA3_512, SHA224, SHA1, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA384withRSA, SHA384withDSA, SHA384withECDSA, SHA512withRSA, SHA512withDSA, SHA512withECDSA, Ed25519, Ed448, SHA1withRSAandMGF1, SHA224withRSAandMGF1, SHA256withRSAandMGF1, SHA384withRSAandMGF1, SHA512withRSAandMGF1, RSA keySize < 2048, DSA keySize < 2048, DH keySize < 2048, EC keySize < 256, include jdk.disabled.namedCurves, SSLv3, SSLv2, DTLSv1.0, RSAPSK, ECDHE, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384,
TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_RSA, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, AES_256_GCM, AES_256_CCM, AES_128_GCM, AES_128_CCM, ChaCha20-Poly1305, AES_256_CBC, AES_128_CBC, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacSHA1, HmacSHA256, HmacSHA384, HmacSHA512, HmacMD5
jdk.disabled.namedCurves=x25519, secp256r1, secp384r1, secp521r1, x448, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-krb5.txt

[libdefaults]
permitted_enctypes =

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-libreswan.txt

conn %default

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-libssh.txt

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-nss.txt

library=p11-kit-proxy.so
name=p11-kit-proxy

library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL
allow=tls-version-min=tls1.0:dtls-version-min=0:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-openssh.txt
GSSAPIKeyExchange no
RequiredRSASize 2048

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-opensshserver.txt
GSSAPIKeyExchange no
RequiredRSASize 2048

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-openssl_fips.txt

[fips_sect]
tls1-prf-ems-check = 1
activate = 1

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-opensslcnf.txt
CipherString = @SECLEVEL=2:kGOST:-kPSK:-kDHEPSK:-kECDHEPSK:-kRSAPSK:-kEECDH:-kRSA:-aRSA:-aDSS:-AES256:-AES128:-CHACHA20:-SHA256:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:-CBC:-AESCCM:-AESGCM:-SHA1:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites =
TLS.MinProtocol = TLSv1
TLS.MaxProtocol = TLSv1.3
# Disable all DTLS
DTLS.MinProtocol = DTLSv1.2
DTLS.MaxProtocol = DTLSv1.1
SignatureAlgorithms =
Groups =

[req]
default_bits = 2048

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = no

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-rpm-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance = "never"
sha256.collision_resistance = "never"
sha256.second_preimage_resistance = "never"
sha384.collision_resistance = "never"
sha384.second_preimage_resistance = "never"
sha512.collision_resistance = "never"
sha512.second_preimage_resistance = "never"
sha3-256.collision_resistance = "never"
sha3-256.second_preimage_resistance = "never"
sha3-512.collision_resistance = "never"
sha3-512.second_preimage_resistance = "never"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "never"
aes192 = "never"
aes256 = "never"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "never"
rsa4096 = "never"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "never"
nistp384 = "never"
nistp521 = "never"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "never"
eddsa = "never"
ed448 = "never"
mldsa65-ed25519 = "never"
mldsa87-ed448 = "never"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "never"

crypto-policies-20251128.git19878fe/tests/outputs/GOST-ONLY-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "never"
sha1.second_preimage_resistance = "never"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "never"
sha224.second_preimage_resistance
= "never"
sha256.collision_resistance = "never"
sha256.second_preimage_resistance = "never"
sha384.collision_resistance = "never"
sha384.second_preimage_resistance = "never"
sha512.collision_resistance = "never"
sha512.second_preimage_resistance = "never"
sha3-256.collision_resistance = "never"
sha3-256.second_preimage_resistance = "never"
sha3-512.collision_resistance = "never"
sha3-512.second_preimage_resistance = "never"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "never"
aes192 = "never"
aes256 = "never"
twofish = "never"
camellia128 = "never"
camellia192 = "never"
camellia256 = "never"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "never"
rsa2048 = "never"
rsa3072 = "never"
rsa4096 = "never"
dsa1024 = "never"
dsa2048 = "never"
dsa3072 = "never"
dsa4096 = "never"
nistp256 = "never"
nistp384 = "never"
nistp521 = "never"
cv25519 = "never"
x25519 = "never"
x448 = "never"
mlkem768-x25519 = "never"
mlkem1024-x448 = "never"
ed25519 = "never"
eddsa = "never"
ed448 = "never"
mldsa65-ed25519 = "never"
mldsa87-ed448 = "never"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "never"
ocb = "never"
gcm = "never"

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-bind.txt
disable-algorithms "." { RSAMD5; ECCGOST; };
disable-ds-digests "."
{ GOST; };

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-gnutls.txt
[global]
override-mode = allowlist

[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHA224
secure-hash = SHA3-224
secure-hash = SHAKE-256
secure-hash = SHAKE-128
secure-hash = SHA1
tls-enabled-mac = AEAD
tls-enabled-mac = SHA1
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768
tls-enabled-group = GROUP-SECP384R1-MLKEM1024
tls-enabled-group = GROUP-X25519
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-X448
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-FFDHE2048
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
tls-enabled-group = GROUP-FFDHE6144
tls-enabled-group = GROUP-FFDHE8192
secure-sig = ML-DSA-44
secure-sig = ML-DSA-65
secure-sig = ML-DSA-87
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = EdDSA-Ed25519
secure-sig = EdDSA-Ed448
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig = ECDSA-SHA224
secure-sig = RSA-SHA224
secure-sig = ECDSA-SHA3-224
secure-sig = RSA-SHA3-224
secure-sig = DSA-SHA256
secure-sig = DSA-SHA384
secure-sig = DSA-SHA512
secure-sig = DSA-SHA224
secure-sig = DSA-SHA3-256
secure-sig = DSA-SHA3-384
secure-sig =
DSA-SHA3-512
secure-sig = ECDSA-SHA1
secure-sig = RSA-SHA1
secure-sig = DSA-SHA1
secure-sig-for-cert = ML-DSA-44
secure-sig-for-cert = ML-DSA-65
secure-sig-for-cert = ML-DSA-87
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = EdDSA-Ed25519
secure-sig-for-cert = EdDSA-Ed448
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
secure-sig-for-cert = ECDSA-SHA224
secure-sig-for-cert = RSA-SHA224
secure-sig-for-cert = ECDSA-SHA3-224
secure-sig-for-cert = RSA-SHA3-224
secure-sig-for-cert = DSA-SHA256
secure-sig-for-cert = DSA-SHA384
secure-sig-for-cert = DSA-SHA512
secure-sig-for-cert = DSA-SHA224
secure-sig-for-cert = DSA-SHA3-256
secure-sig-for-cert = DSA-SHA3-384
secure-sig-for-cert = DSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA1
secure-sig-for-cert = RSA-SHA1
secure-sig-for-cert = DSA-SHA1
secure-sig-for-cert = rsa-sha1
secure-sig-for-cert = dsa-sha1
secure-sig-for-cert = ecdsa-sha1
enabled-curve = X25519
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = X448
enabled-curve = SECP521R1
enabled-curve = Ed25519
enabled-curve = Ed448
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = CHACHA20-POLY1305
tls-enabled-cipher = AES-256-CBC
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = AES-128-CCM
tls-enabled-cipher =
AES-128-CBC
tls-enabled-cipher = 3DES-CBC
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = RSA
tls-enabled-kx = DHE-RSA
tls-enabled-kx = DHE-DSS
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = TLS1.1
enabled-version = TLS1.0
enabled-version = DTLS1.2
enabled-version = DTLS1.0
min-verification-profile = low

[priorities]
SYSTEM=NONE

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-java.txt
jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, RSA keySize < 1024, DSA keySize < 1024, DH keySize < 1024, EC keySize < 256, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, RSA keySize < 1024, DSA keySize < 1024, DH keySize < 1024, EC keySize < 256, include jdk.disabled.namedCurves, SSLv3, SSLv2, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5
jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62 prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1
jdk.tls.legacyAlgorithms=3DES_EDE_CBC
crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-krb5.txt
[libdefaults]
permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-libreswan.txt
conn %default
	ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5
	esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
	authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512,rsa-sha1

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-libssh.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
HostKeyAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com
PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-nss.txt
library=p11-kit-proxy.so
name=p11-kit-proxy

library=
name=Policy
NSS=flags=policyOnly,moduleDB
config="disallow=ALL
allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc:aes192-cbc/pkcs12,smime:camellia256-cbc/pkcs12:camellia192-cbc/pkcs12:camellia128-cbc/pkcs12:des-cbc/pkcs12,smime:rc4/pkcs12:des-40-cbc/pkcs12:rc2/pkcs12,smime:rc2-40-cbc/pkcs12,smime:rc2-64-cbc/pkcs12,smime:rc2-128-cbc/pkcs12,smime:seed-cbc/pkcs12:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1:MD5/pkcs12:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:DHE-DSS/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:DSA:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1024:DSA-MIN=1024:RSA-MIN=1024"

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-openssh.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1-
KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
PubkeyAcceptedAlgorithms
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com
CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512,ssh-rsa
RequiredRSASize 1024

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-opensshserver.txt
Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512
GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-
KexAlgorithms
mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1
HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com
PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com
HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com
CASignatureAlgorithms
ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512,ssh-rsa
RequiredRSASize 1024

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-openssl_fips.txt

[fips_sect]
tls1-prf-ems-check = 1
activate = 1

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-opensslcnf.txt
CipherString = @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
TLS.MinProtocol = TLSv1
TLS.MaxProtocol = TLSv1.3
DTLS.MinProtocol = DTLSv1
DTLS.MaxProtocol = DTLSv1.2
SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192

[req]
default_bits = 2048

[openssl_init]
alg_section = evp_properties

[evp_properties]
rh-allow-sha1-signatures = yes

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-rpm-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance = "never"
sha1.collision_resistance = "always"
sha1.second_preimage_resistance = "always"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "always"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "always"
dsa2048 = "always"
dsa3072 = "always"
dsa4096 = "always"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY-sequoia.txt
[hash_algorithms]
ignore_invalid = [ "sha3-256", "sha3-512" ]
md5.collision_resistance = "never"
md5.second_preimage_resistance
= "never"
sha1.collision_resistance = "always"
sha1.second_preimage_resistance = "always"
ripemd160.collision_resistance = "never"
ripemd160.second_preimage_resistance = "never"
sha224.collision_resistance = "always"
sha224.second_preimage_resistance = "always"
sha256.collision_resistance = "always"
sha256.second_preimage_resistance = "always"
sha384.collision_resistance = "always"
sha384.second_preimage_resistance = "always"
sha512.collision_resistance = "always"
sha512.second_preimage_resistance = "always"
sha3-256.collision_resistance = "always"
sha3-256.second_preimage_resistance = "always"
sha3-512.collision_resistance = "always"
sha3-512.second_preimage_resistance = "always"
default_disposition = "never"

[symmetric_algorithms]
idea = "never"
tripledes = "never"
cast5 = "never"
blowfish = "never"
aes128 = "always"
aes192 = "never"
aes256 = "always"
twofish = "never"
camellia128 = "always"
camellia192 = "never"
camellia256 = "always"
default_disposition = "never"

[asymmetric_algorithms]
ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ]
rsa1024 = "always"
rsa2048 = "always"
rsa3072 = "always"
rsa4096 = "always"
dsa1024 = "always"
dsa2048 = "always"
dsa3072 = "always"
dsa4096 = "always"
nistp256 = "always"
nistp384 = "always"
nistp521 = "always"
cv25519 = "always"
x25519 = "always"
x448 = "always"
mlkem768-x25519 = "always"
mlkem1024-x448 = "always"
ed25519 = "always"
eddsa = "always"
ed448 = "always"
mldsa65-ed25519 = "always"
mldsa87-ed448 = "always"
elgamal1024 = "never"
elgamal2048 = "never"
elgamal3072 = "never"
elgamal4096 = "never"
brainpoolp256 = "never"
brainpoolp512 = "never"
default_disposition = "never"

[aead_algorithms]
default_disposition = "never"
ignore_invalid = [ "gcm" ]
eax = "always"
ocb = "always"
gcm = "always"
crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-bind.txt
disable-algorithms "." { RSAMD5; ECCGOST; };
disable-ds-digests "." { GOST; };

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-gnutls.txt
[global]
override-mode = allowlist

[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHA224
secure-hash = SHA3-224
secure-hash = SHAKE-256
secure-hash = SHAKE-128
secure-hash = SHA1
tls-enabled-mac = AEAD
tls-enabled-mac = SHA1
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519-MLKEM768
tls-enabled-group = GROUP-SECP256R1-MLKEM768
tls-enabled-group = GROUP-SECP384R1-MLKEM1024
tls-enabled-group = GROUP-X25519
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-X448
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-FFDHE2048
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
tls-enabled-group = GROUP-FFDHE6144
tls-enabled-group = GROUP-FFDHE8192
secure-sig = ML-DSA-44
secure-sig = ML-DSA-65
secure-sig = ML-DSA-87
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = EdDSA-Ed25519
secure-sig = EdDSA-Ed448
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig = ECDSA-SHA224
secure-sig
= RSA-SHA224
secure-sig = ECDSA-SHA3-224
secure-sig = RSA-SHA3-224
secure-sig = DSA-SHA256
secure-sig = DSA-SHA384
secure-sig = DSA-SHA512
secure-sig = DSA-SHA224
secure-sig = DSA-SHA3-256
secure-sig = DSA-SHA3-384
secure-sig = DSA-SHA3-512
secure-sig = ECDSA-SHA1
secure-sig = RSA-SHA1
secure-sig = DSA-SHA1
secure-sig-for-cert = ML-DSA-44
secure-sig-for-cert = ML-DSA-65
secure-sig-for-cert = ML-DSA-87
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = EdDSA-Ed25519
secure-sig-for-cert = EdDSA-Ed448
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
secure-sig-for-cert = ECDSA-SHA224
secure-sig-for-cert = RSA-SHA224
secure-sig-for-cert = ECDSA-SHA3-224
secure-sig-for-cert = RSA-SHA3-224
secure-sig-for-cert = DSA-SHA256
secure-sig-for-cert = DSA-SHA384
secure-sig-for-cert = DSA-SHA512
secure-sig-for-cert = DSA-SHA224
secure-sig-for-cert = DSA-SHA3-256
secure-sig-for-cert = DSA-SHA3-384
secure-sig-for-cert = DSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA1
secure-sig-for-cert = RSA-SHA1
secure-sig-for-cert = DSA-SHA1
secure-sig-for-cert = rsa-sha1
secure-sig-for-cert = dsa-sha1
secure-sig-for-cert = ecdsa-sha1
enabled-curve = X25519
enabled-curve = SECP256R1
enabled-curve = SECP384R1
enabled-curve = X448
enabled-curve = SECP521R1
enabled-curve = Ed25519
enabled-curve =
Ed448
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = CHACHA20-POLY1305
tls-enabled-cipher = AES-256-CBC
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = AES-128-CCM
tls-enabled-cipher = AES-128-CBC
tls-enabled-cipher = 3DES-CBC
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = RSA
tls-enabled-kx = DHE-RSA
tls-enabled-kx = DHE-DSS
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = TLS1.1
enabled-version = TLS1.0
enabled-version = DTLS1.2
enabled-version = DTLS1.0
min-verification-profile = low

[priorities]
SYSTEM=NONE

crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-java.txt
jdk.certpath.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, RSA keySize < 1024, DSA keySize < 1024, DH keySize < 1024, EC keySize < 256, MD5
jdk.tls.disabledAlgorithms=MD2, MD5withDSA, MD5withECDSARIPEMD160withRSA, RIPEMD160withECDSA, RIPEMD160withRSAandMGF1, MD5withRSA, RSA keySize < 1024, DSA keySize < 1024, DH keySize < 1024, EC keySize < 256, include jdk.disabled.namedCurves, SSLv3, SSLv2, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, anon, NULL, HmacMD5
jdk.disabled.namedCurves=brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp112r1, secp112r2, secp128r1, secp128r2, secp160k1, secp160r1, secp160r2, secp192k1, secp192r1, secp224k1, secp224r1, secp256k1, sect113r1, sect113r2, sect131r1, sect131r2, sect163k1, sect163r1, sect163r2, sect193r1, sect193r2, sect233k1, sect233r1, sect239k1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, X9.62 c2tnb191v1, X9.62 c2tnb191v2, X9.62 c2tnb191v3, X9.62 c2tnb239v1, X9.62 c2tnb239v2, X9.62 c2tnb239v3, X9.62 c2tnb359v1, X9.62 c2tnb431r1, X9.62 prime192v2, X9.62
prime192v3, X9.62 prime239v1, X9.62 prime239v2, X9.62 prime239v3, brainpoolP320r1 jdk.tls.legacyAlgorithms=3DES_EDE_CBC crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-krb5.txt000066400000000000000000000003041511230041100255100ustar00rootroot00000000000000[libdefaults] permitted_enctypes = aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha256-128 aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 camellia256-cts-cmac camellia128-cts-cmac arcfour-hmac-md5 crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-libreswan.txt000066400000000000000000000010731511230041100266370ustar00rootroot00000000000000conn %default ike=aes_gcm256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,chacha20_poly1305-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,aes256-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,aes_gcm128-sha2_512+sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5,aes128-sha2_256-dh19+dh14+dh31+dh21+dh20+dh15+dh16+dh18+dh5 esp=aes_gcm256,chacha20_poly1305,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256 authby=ecdsa-sha2_256,ecdsa-sha2_384,ecdsa-sha2_512,rsa-sha2_256,rsa-sha2_384,rsa-sha2_512,rsa-sha1 crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-libssh.txt000066400000000000000000000032661511230041100261430ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 HostKeyAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com PubkeyAcceptedKeyTypes ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com,ssh-dss,ssh-dss-cert-v01@openssh.com crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-nss.txt000066400000000000000000000017771511230041100254670ustar00rootroot00000000000000library=p11-kit-proxy.so name=p11-kit-proxy library= name=Policy NSS=flags=policyOnly,moduleDB config="disallow=ALL 
allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:mlkem768x25519:CURVE25519:SECP256R1:SECP521R1:SECP384R1:aes256-gcm/ssl:chacha20-poly1305/ssl:aes256-cbc:aes128-gcm/ssl:aes128-cbc:des-ede3-cbc:aes192-cbc/pkcs12,smime:camellia256-cbc/pkcs12:camellia192-cbc/pkcs12:camellia128-cbc/pkcs12:des-cbc/pkcs12,smime:rc4/pkcs12:des-40-cbc/pkcs12:rc2/pkcs12,smime:rc2-40-cbc/pkcs12,smime:rc2-64-cbc/pkcs12,smime:rc2-128-cbc/pkcs12,smime:seed-cbc/pkcs12:SHA256:SHA384:SHA512:SHA3-256:SHA3-384:SHA3-512:SHA224:SHA3-224:SHA1:MD5/pkcs12:ECDHE-RSA/ssl-key-exchange:ECDHE-ECDSA/ssl-key-exchange:RSA/ssl-key-exchange:DHE-RSA/ssl-key-exchange:DHE-DSS/ssl-key-exchange:RSA-PKCS/smime-key-exchange:RSA-OAEP/smime-key-exchange:DH/smime-key-exchange:ECDH/smime-key-exchange:ML-DSA-44:ML-DSA-65:ML-DSA-87:ECDSA:ED25519:RSA-PSS:RSA-PKCS:DSA:tls-version-min=tls1.0:dtls-version-min=dtls1.0:DH-MIN=1024:DSA-MIN=1024:RSA-MIN=1024" crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-openssh.txt000066400000000000000000000041311511230041100263260ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1-,gss-group1-sha1- KexAlgorithms mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 PubkeyAcceptedAlgorithms 
ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com CASignatureAlgorithms ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512,ssh-rsa RequiredRSASize 1024 crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-opensshserver.txt000066400000000000000000000050641511230041100275630ustar00rootroot00000000000000Ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc,3des-cbc MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,umac-128@openssh.com,hmac-sha2-512 GSSAPIKexAlgorithms gss-curve25519-sha256-,gss-nistp256-sha256-,gss-group14-sha256-,gss-group16-sha512-,gss-gex-sha1-,gss-group14-sha1- KexAlgorithms 
mlkem768x25519-sha256,mlkem768nistp256-sha256,mlkem1024nistp384-sha384,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1 HostKeyAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com PubkeyAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com HostbasedAcceptedAlgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ssh-rsa,ssh-rsa-cert-v01@openssh.com CASignatureAlgorithms 
ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-256,rsa-sha2-512,ssh-rsa RequiredRSASize 1024 crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-openssl_fips.txt000066400000000000000000000000611511230041100273510ustar00rootroot00000000000000 [fips_sect] tls1-prf-ems-check = 1 activate = 1 crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-opensslcnf.txt000066400000000000000000000020271511230041100270230ustar00rootroot00000000000000CipherString = @SECLEVEL=1:kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:kRSAPSK:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8 Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256 TLS.MinProtocol = TLSv1 TLS.MaxProtocol = TLSv1.3 DTLS.MinProtocol = DTLSv1 DTLS.MaxProtocol = DTLSv1.2 SignatureAlgorithms = ?mldsa44:?mldsa65:?mldsa87:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:ed25519:ed448:rsa_pss_pss_sha256:rsa_pss_pss_sha384:rsa_pss_pss_sha512:rsa_pss_rsae_sha256:rsa_pss_rsae_sha384:rsa_pss_rsae_sha512:RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA224:RSA+SHA224:DSA+SHA256:DSA+SHA384:DSA+SHA512:DSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1 Groups = *?X25519MLKEM768:?x25519_mlkem768:?SecP256r1MLKEM768:?p256_mlkem768:?SecP384r1MLKEM1024:?p384_mlkem1024/*X25519:secp256r1:X448:secp521r1:secp384r1:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192 [req] default_bits = 2048 [openssl_init] alg_section = evp_properties [evp_properties] rh-allow-sha1-signatures = yes crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-rpm-sequoia.txt000066400000000000000000000037021511230041100271140ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "always" sha1.second_preimage_resistance = "always" 
ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "always" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "always" dsa2048 = "always" dsa3072 = "always" dsa4096 = "always" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "always" mlkem1024-x448 = "always" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" crypto-policies-20251128.git19878fe/tests/outputs/LEGACY:AD-SUPPORT-sequoia.txt000066400000000000000000000037021511230041100263200ustar00rootroot00000000000000[hash_algorithms] ignore_invalid = [ "sha3-256", "sha3-512" ] 
md5.collision_resistance = "never" md5.second_preimage_resistance = "never" sha1.collision_resistance = "always" sha1.second_preimage_resistance = "always" ripemd160.collision_resistance = "never" ripemd160.second_preimage_resistance = "never" sha224.collision_resistance = "always" sha224.second_preimage_resistance = "always" sha256.collision_resistance = "always" sha256.second_preimage_resistance = "always" sha384.collision_resistance = "always" sha384.second_preimage_resistance = "always" sha512.collision_resistance = "always" sha512.second_preimage_resistance = "always" sha3-256.collision_resistance = "always" sha3-256.second_preimage_resistance = "always" sha3-512.collision_resistance = "always" sha3-512.second_preimage_resistance = "always" default_disposition = "never" [symmetric_algorithms] idea = "never" tripledes = "never" cast5 = "never" blowfish = "never" aes128 = "always" aes192 = "never" aes256 = "always" twofish = "never" camellia128 = "always" camellia192 = "never" camellia256 = "always" default_disposition = "never" [asymmetric_algorithms] ignore_invalid = [ "x25519", "x448", "mlkem768-x25519", "mlkem1024-x448", "ed25519", "ed448", "eddsa", "mldsa65-ed25519", "mldsa87-ed448" ] rsa1024 = "always" rsa2048 = "always" rsa3072 = "always" rsa4096 = "always" dsa1024 = "always" dsa2048 = "always" dsa3072 = "always" dsa4096 = "always" nistp256 = "always" nistp384 = "always" nistp521 = "always" cv25519 = "always" x25519 = "always" x448 = "always" mlkem768-x25519 = "always" mlkem1024-x448 = "always" ed25519 = "always" eddsa = "always" ed448 = "always" mldsa65-ed25519 = "always" mldsa87-ed448 = "always" elgamal1024 = "never" elgamal2048 = "never" elgamal3072 = "never" elgamal4096 = "never" brainpoolp256 = "never" brainpoolp512 = "never" default_disposition = "never" [aead_algorithms] default_disposition = "never" ignore_invalid = [ "gcm" ] eax = "always" ocb = "always" gcm = "always" 
crypto-policies-20251128.git19878fe/tests/unit/000077500000000000000000000000001511230041100207305ustar00rootroot00000000000000crypto-policies-20251128.git19878fe/tests/unit/test_alg_lists.py000066400000000000000000000045011511230041100243220ustar00rootroot00000000000000# SPDX-License-Identifier: LGPL-2.1-or-later # Copyright (c) 2021 Red Hat, Inc. import pytest from python.cryptopolicies.alg_lists import ( ALL, glob, max_dtls_version, max_tls_version, min_dtls_version, min_tls_version, ) from python.cryptopolicies.validation.alg_lists import ( AlgorithmClassUnknownError, AlgorithmEmptyMatchError, ExperimentalValueWarning, ) def test_glob_alg_sanity(): assert glob('SEED-CBC', 'cipher') == ['SEED-CBC'] assert glob('*EED*', 'cipher') == ['SEED-CBC'] assert glob('*', 'cipher') == list(ALL['cipher']) def test_glob_alg_globbing(): gs = glob('GOST*', 'cipher') assert gs assert all(g.startswith('GOST') for g in gs) def test_glob_experimental(recwarn): gs = glob('RSA-SHA2-384', 'sign') assert not recwarn plural = 'values `MLDSA87-P384`, `MLDSA87-BP384` are experimental' with pytest.warns(ExperimentalValueWarning, match=plural): gs = glob('MLDSA*P384', 'sign') assert gs == ['MLDSA87-P384', 'MLDSA87-BP384'] singular = 'value `MLDSA87-P384` is experimental' with pytest.warns(ExperimentalValueWarning, match=singular): gs = glob('MLDSA87-P384', 'sign') assert gs == ['MLDSA87-P384'] def test_glob_alg_algorithm_empty(): with pytest.raises(AlgorithmEmptyMatchError): glob('NONEX-*', 'cipher') def test_glob_alg_algorithm_class_unknown(): with pytest.raises(AlgorithmClassUnknownError): glob('*', 'nonex') def test_min_versions(): assert min_tls_version(['TLS1.2', 'SSL3.0', 'TLS1.3']) == 'SSL3.0' assert min_tls_version(['TLS1.2']) == 'TLS1.2' assert min_tls_version(['nonex']) is None assert min_tls_version([]) is None assert min_dtls_version(['DTLS1.2', 'DTLS1.0']) == 'DTLS1.0' assert min_dtls_version(['DTLS1.2']) == 'DTLS1.2' assert min_dtls_version(['nonex']) is None assert 
min_dtls_version([]) is None def test_max_versions(): assert max_tls_version(['TLS1.2', 'SSL3.0', 'TLS1.3']) == 'TLS1.3' assert max_tls_version(['TLS1.2']) == 'TLS1.2' assert max_tls_version(['nonex']) is None assert max_tls_version([]) is None assert max_dtls_version(['DTLS1.2', 'DTLS1.0']) == 'DTLS1.2' assert max_dtls_version(['DTLS1.2']) == 'DTLS1.2' assert max_dtls_version(['nonex']) is None assert max_dtls_version([]) is None crypto-policies-20251128.git19878fe/tests/unit/test_cryptopolicy.py000066400000000000000000000403351511230041100251060ustar00rootroot00000000000000# SPDX-License-Identifier: LGPL-2.1-or-later # Copyright (c) 2021 Red Hat, Inc. import textwrap import pytest from python.cryptopolicies.alg_lists import glob from python.cryptopolicies.cryptopolicies import ( PolicySyntaxDeprecationWarning, UnscopedCryptoPolicy, ) from python.cryptopolicies.validation import ( PolicyFileNotFoundError, PolicySyntaxError, ) from python.cryptopolicies.validation.alg_lists import ExperimentalValueWarning TESTPOL = ''' # boring policy cipher = AES-*-GCM ''' MINUS192 = 'cipher = -AES-192-*' def _policy(tmpdir, **kwargs): subpolicy = False for k, v in kwargs.items(): if not subpolicy: tmpdir.join(f'{k}.pol').write(v) subpolicy = True else: if not tmpdir.join('modules').check(dir=True): tmpdir.mkdir('modules') tmpdir.join('modules').join(f'{k}.pmod').write(v) # pylint: disable=no-value-for-parameter return UnscopedCryptoPolicy(*kwargs.keys(), policydir=str(tmpdir)) def test_cryptopolicy_is_empty(tmpdir): assert _policy(tmpdir, TESTPOL='').is_empty() assert _policy(tmpdir, TESTPOL=' \n\t').is_empty() def test_cryptopolicy_not_found(): with pytest.raises(PolicyFileNotFoundError): UnscopedCryptoPolicy('NONEX') def test_cryptopolicy_smoke_broken(tmpdir): with pytest.raises(PolicySyntaxError), pytest.warns(PolicySyntaxError): _policy(tmpdir, TESTPOL='a = b = c') def test_cryptopolicy_smoke_basic(tmpdir): cp = _policy(tmpdir, TESTPOL='cipher = AES-*-GCM') assert 
cp.scoped({'tls'}).enabled['cipher'] == [ 'AES-256-GCM', 'AES-192-GCM', 'AES-128-GCM', ] def test_cryptopolicy_smoke_subpolicy(tmpdir): cp = _policy(tmpdir, TESTPOL='cipher = AES-*-GCM', MINUS192='cipher = -AES-192-*') assert cp.scoped({'tls'}).enabled['cipher'] == [ 'AES-256-GCM', 'AES-128-GCM', ] def test_cryptopolicy_smoke_several_subpolicies(tmpdir): cp = _policy(tmpdir, TESTPOL='cipher = AES-*-GCM', MINUS_192='cipher = -AES-192-*', TLS_RESET='cipher@TLS = AES-*-GCM', MINUS_128_SSH='cipher@SSH = -AES-128-*', APPEND_NULL_TLS='cipher@TLS = NULL+', PREPEND_RC4='cipher = +RC4-128') assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == [ 'RC4-128', 'AES-256-GCM', 'AES-192-GCM', 'AES-128-GCM', 'NULL', ] assert cp.scoped({'ssh', 'openssh'}).enabled['cipher'] == [ 'RC4-128', 'AES-256-GCM', ] assert 'AES-192-GCM' in cp.scoped({'ssh', 'openssh'}).disabled['cipher'] assert 'AES-128-GCM' in cp.scoped({'ssh', 'openssh'}).disabled['cipher'] assert 'NULL' in cp.scoped({'ssh', 'openssh'}).disabled['cipher'] def test_cryptopolicy_compat_diamond_new_recommended(tmpdir): with pytest.warns(PolicySyntaxDeprecationWarning): cp = _policy(tmpdir, TESTPOL=''' tls_cipher = DES-CBC RC4-128 cipher = RC4-128 IDEA-CBC # ssh_cipher derived as RC4-128 IDEA-CBC ''', TESTSUBPOL=''' # as simple and intuitive as it gets cipher = -RC4-128 ''') assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == ['DES-CBC'] assert cp.scoped({'ssh', 'openssh'}).enabled['cipher'] == ['IDEA-CBC'] assert cp.scoped().enabled['cipher'] == ['IDEA-CBC'] def test_cryptopolicy_compat_diamond_old_recommended(tmpdir): with pytest.warns(PolicySyntaxDeprecationWarning): cp = _policy(tmpdir, TESTPOL=''' tls_cipher = DES-CBC RC4-128 cipher = RC4-128 IDEA-CBC # ssh_cipher derived as RC4-128 IDEA-CBC ''', TESTSUBPOL=''' # the current 'correct' way to disable ciphers tls_cipher = -RC4-128 cipher = -RC4-128 ssh_cipher = -RC4-128 ''') assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == ['DES-CBC'] assert 
cp.scoped({'ssh', 'openssh'}).enabled['cipher'] == ['IDEA-CBC'] assert cp.scoped().enabled['cipher'] == ['IDEA-CBC'] def test_cryptopolicy_compat_diamond_breaking1(tmpdir): with pytest.warns(PolicySyntaxDeprecationWarning): cp = _policy(tmpdir, TESTPOL=''' tls_cipher = DES-CBC RC4-128 cipher = RC4-128 IDEA-CBC # ssh_cipher derived as RC4-128 IDEA-CBC ''', TESTSUBPOL=''' # BEHAVIOUR CHANGE! # Modifying cipher in subpolicy previously # didn't affect tls_cipher / ssh_cipher! # Now it does affect cipher@tls / cipher@ssh, # which is a sane, but backwards # incompatible thing to do. cipher = -RC4-128 ''') # Used to be ['DES-CBC', 'RC4-128'] assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == ['DES-CBC'] # Used to be ['RC4-128', 'IDEA-CBC'] assert cp.scoped({'ssh', 'openssh'}).enabled['cipher'] == ['IDEA-CBC'] assert cp.scoped().enabled['cipher'] == ['IDEA-CBC'] def test_cryptopolicy_compat_diamond_breaking2(tmpdir): with pytest.warns(PolicySyntaxDeprecationWarning): cp = _policy(tmpdir, TESTPOL=''' cipher = RC4-128 IDEA-CBC # tls_cipher derived as RC4-128 IDEA-CBC # ssh_cipher derived as RC4-128 IDEA-CBC ''', TESTSUBPOL1='tls_cipher = NULL+', # BEHAVIOUR CHANGE: same as above. 
TESTSUBPOL2='cipher = -RC4-128', TESTSUBPOL3='ssh_cipher = +NULL') # Used to be ['RC4-128', 'IDEA-CBC', 'NULL'] assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == [ 'IDEA-CBC', 'NULL', ] # Used to be ['NULL', 'RC4-128', 'IDEA-CBC'] assert cp.scoped({'ssh', 'openssh'}).enabled['cipher'] == [ 'NULL', 'IDEA-CBC', ] assert cp.scoped().enabled['cipher'] == ['IDEA-CBC'] def test_cryptopolicy_sha1_in_dnssec(tmpdir): with pytest.warns(PolicySyntaxDeprecationWarning): cp = _policy(tmpdir, TESTPOL=''' hash = MD5 sha1_in_dnssec = 1 ''') assert cp.scoped({'tls', 'openssl'}).enabled['hash'] == ['MD5'] assert cp.scoped({'tls', 'openssl'}).enabled['sign'] == [] b = cp.scoped({'dnssec', 'bind'}) assert b.enabled['hash'] == ['MD5', 'SHA1'] assert b.enabled['sign'] == ['RSA-SHA1', 'ECDSA-SHA1'] assert 'DSA-SHA1' in b.disabled['sign'] def test_cryptopolicy_value_replacement(tmpdir): with pytest.warns( PolicySyntaxDeprecationWarning, match='value X25519-MLKEM768 is deprecated, please rewrite your' ' rules using MLKEM768-X25519'): cp = _policy(tmpdir, TESTPOL='group = X25519-MLKEM768 P256-MLKEM768') assert cp.scoped().enabled['group'] == ['MLKEM768-X25519', 'P256-MLKEM768'] def test_cryptopolicy_compat_to_enum(tmpdir): with pytest.warns( PolicySyntaxDeprecationWarning, match='option ssh_etm = 0 is deprecated, please rewrite your' ' rules using etm@SSH = DISABLE_ETM;.*'): cp = _policy(tmpdir, TESTPOL='ssh_etm = 0') assert cp.scoped({'tls', 'openssl'}).enums['etm'] == 'ANY' assert cp.scoped({'ssh', 'openssh'}).enums['etm'] == 'DISABLE_ETM' def test_cryptopolicy_compat_scoped_ssh_etm_to_enum(tmpdir): with pytest.warns( PolicySyntaxDeprecationWarning, match=r'option ssh_etm@{OpenSSH-server,OpenSSH-client} = 0 is' r' deprecated, please rewrite your rules using' r' etm@{OpenSSH-server,OpenSSH-client} = DISABLE_ETM;.*'): cp = _policy(tmpdir, TESTPOL='ssh_etm@{OpenSSH-server,OpenSSH-client} = 0') assert cp.scoped({'tls', 'openssl'}).enums['etm'] == 'ANY' assert cp.scoped({'ssh', 
'openssh'}).enums['etm'] == 'ANY' assert cp.scoped({'ssh', 'openssh-client'}).enums['etm'] == 'DISABLE_ETM' assert cp.scoped({'ssh', 'openssh-server'}).enums['etm'] == 'DISABLE_ETM' def test_cryptopolicy_prepend_order(tmpdir): assert glob('AES-192-*M', 'cipher') == ['AES-192-GCM', 'AES-192-CCM'] # AES-192-*M expands to AES-192-GCM AES-192-CCM ... cp = _policy(tmpdir, TESTPOL='cipher = NULL', # ... but +AES-192-*M expands to +AES-192-CCM +AES-192-GCM # so that -GCM ends up first and has higher priority SUBPOL1='cipher = +AES-192-*M') assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == [ 'AES-192-GCM', 'AES-192-CCM', 'NULL', ] def test_cryptopolicy_no_duplicates(tmpdir): cp = _policy(tmpdir, TESTPOL='cipher = AES-192-G* NULL AES-192-C*') assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == [ 'AES-192-GCM', 'NULL', 'AES-192-CCM', 'AES-192-CTR', 'AES-192-CBC', 'AES-192-CFB', ] cp = _policy(tmpdir, TESTPOL='cipher = AES-192-G* NULL AES-192-C*', SUBPOL1='cipher = AES-192-CTR+', # no effect SUBPOL2='cipher = +AES-192-CCM') # moves CCM first assert cp.scoped({'tls', 'openssl'}).enabled['cipher'] == [ 'AES-192-CCM', 'AES-192-GCM', 'NULL', 'AES-192-CTR', 'AES-192-CBC', 'AES-192-CFB', ] def test_cryptopolicy_minver(tmpdir): cp = _policy(tmpdir, TESTPOL='protocol@TLS = TLS*\nmin_tls_version=TLS1.1') tls_cp = cp.scoped({'tls', 'openssl'}) assert tls_cp.enabled['protocol'] == ['TLS1.3', 'TLS1.2', 'TLS1.1'] assert tls_cp.min_tls_version == 'TLS1.1' assert tls_cp.max_tls_version == 'TLS1.3' assert tls_cp.min_dtls_version is None assert tls_cp.max_dtls_version is None def test_cryptopolicy_maxver(tmpdir): cp = _policy(tmpdir, TESTPOL='protocol@TLS = DTLS*\nmin_dtls_version=DTLS1.0') tls_cp = cp.scoped({'tls', 'openssl'}) assert tls_cp.enabled['protocol'] == ['DTLS1.2', 'DTLS1.0'] assert tls_cp.min_dtls_version == 'DTLS1.0' assert tls_cp.max_dtls_version == 'DTLS1.2' assert tls_cp.min_tls_version is None assert tls_cp.max_tls_version is None def 
test_cryptopolicy_experimental(tmpdir): plural = 'values `X448-MLKEM768`, `P384-MLKEM768` are experimental' with pytest.warns(ExperimentalValueWarning, match=plural): cp = _policy(tmpdir, TESTPOL='group = +*-MLKEM768\ngroup = -*-MLKEM768') tls_cp = cp.scoped({'tls', 'openssl'}) assert tls_cp.enabled['group'] == [] def test_cryptopolicy_experimental_warnings_suppression_none(recwarn, tmpdir): assert len(recwarn) == 0 suppress_none = textwrap.dedent(''' group = -MLKEM768 sign = -MLDSA65-BP256 ''').lstrip() _policy(tmpdir, TESTPOL=suppress_none) assert len(recwarn) == 2 # noqa: PLR2004 assert recwarn[0].category == ExperimentalValueWarning assert '`group` value `MLKEM768` is ' in str(recwarn[0].message) assert recwarn[1].category == ExperimentalValueWarning assert '`sign` value `MLDSA65-BP256` is ' in str(recwarn[1].message) def test_cryptopolicy_experimental_warnings_suppression_full(recwarn, tmpdir): assert len(recwarn) == 0 suppress_full = textwrap.dedent(''' # %suppress_experimental_value_warnings=true group = -MLKEM768 sign = -MLDSA65-BP256 # %suppress_experimental_value_warnings=false ''').lstrip() _policy(tmpdir, TESTPOL=suppress_full) assert len(recwarn) == 0 def test_cryptopolicy_experimental_warnings_suppression_part(recwarn, tmpdir): assert len(recwarn) == 0 suppress_part = textwrap.dedent(''' # %suppress_experimental_value_warnings=true group = -MLKEM768 # %suppress_experimental_value_warnings=false sign = -MLDSA65-BP256 ''').lstrip() _policy(tmpdir, TESTPOL=suppress_part) # this should be 1 warning, but deduplication broke =/ assert len(recwarn) == 3 # noqa: PLR2004 assert str(recwarn[0].message) == str(recwarn[1].message) assert recwarn[0].lineno == recwarn[1].lineno assert recwarn[0].category == recwarn[1].category assert recwarn[0].line == recwarn[1].line assert str(recwarn[0].message) == str(recwarn[2].message) assert recwarn[0].lineno == recwarn[2].lineno assert recwarn[0].category == recwarn[2].category assert recwarn[0].line == recwarn[2].line 
assert '`sign` value `MLDSA65-BP256` is ' in str(recwarn[0].message) def test_cryptopolicy_experimental_warnings_suppression_reset(recwarn, tmpdir): assert len(recwarn) == 0 suppress_pol = textwrap.dedent(''' # %suppress_experimental_value_warnings=true group = -MLKEM768 ''').lstrip() subpol = 'sign = -MLDSA65-BP256' # warnings are not suppressed again _policy(tmpdir, TESTPOL=suppress_pol, SUBPOL=subpol) assert len(recwarn) == 1 assert recwarn[0].category == ExperimentalValueWarning assert '`sign` value `MLDSA65-BP256` is ' in str(recwarn[0].message) def test_cryptopolicy_to_string_empty(tmpdir): reference = textwrap.dedent(''' # Policy EMPTYPOL:EMPTYSUBPOL1:EMPTYSUBPOL2 dump # # Do not parse the contents of this file with automated tools, # it is provided for review convenience only. # # Baseline values for all scopes: cipher = group = hash = key_exchange = mac = protocol = sign = arbitrary_dh_groups = 0 min_dh_size = 0 min_dsa_size = 0 min_rsa_size = 0 sha1_in_certs = 0 ssh_certs = 0 min_ec_size = 256 __openssl_block_sha1_signatures = 1 etm = ANY __ems = DEFAULT # No scope-specific properties found. ''').lstrip() cp = _policy(tmpdir, EMPTYPOL='', EMPTYSUBPOL1='\n', EMPTYSUBPOL2='\t') assert str(cp) == reference def test_cryptopolicy_to_string_twisted(tmpdir): reference = textwrap.dedent(''' # Policy TESTPOL dump # # Do not parse the contents of this file with automated tools, # it is provided for review convenience only. 
# # Baseline values for all scopes: cipher = RC4-128 IDEA-CBC group = hash = MD5 key_exchange = mac = protocol = sign = arbitrary_dh_groups = 0 min_dh_size = 0 min_dsa_size = 0 min_rsa_size = 0 sha1_in_certs = 0 ssh_certs = 0 min_ec_size = 256 __openssl_block_sha1_signatures = 1 etm = ANY __ems = ENFORCE # Scope-specific properties derived for select backends: cipher@gnutls = DES-CBC RC4-128 IDEA-CBC hash@gnutls = sha1_in_certs@gnutls = 1 cipher@java-tls = DES-CBC RC4-128 IDEA-CBC etm@libssh = DISABLE_NON_ETM __ems@nss = RELAX cipher@nss-tls = DES-CBC RC4-128 IDEA-CBC cipher@nss-pkcs12 = IDEA-CBC cipher@nss-smime-import = RC4-128 SEED-CBC IDEA-CBC etm@openssh = DISABLE_NON_ETM hash@openssh-server = MD5 SHA1 cipher@openssl = NULL DES-CBC RC4-128 IDEA-CBC ''').lstrip() cp = _policy(tmpdir, TESTPOL=''' hash = MD5 cipher@openssl = SEED-CBC # overridden in the next line cipher = RC4-128 IDEA-CBC cipher@tls = +DES-CBC cipher@openssl = +NULL cipher@pkcs12 = -RC4-128 cipher@nss-smime = IDEA-CBC cipher@smime-import = +SEED-CBC cipher@smime = +RC4-128 # cipher@nss-smime == cipher@nss hash@openssh-server = SHA1+ sha1_in_certs@gnutls = 1 hash@gnutls = -MD5 etm@SSH = DISABLE_NON_ETM __ems = ENFORCE __ems@nss = RELAX ''') assert str(cp) == reference crypto-policies-20251128.git19878fe/tests/unit/test_parse_line.py000066400000000000000000000032251511230041100244640ustar00rootroot00000000000000# SPDX-License-Identifier: LGPL-2.1-or-later # Copyright (c) 2021 Red Hat, Inc. 
import pytest from python.cryptopolicies.cryptopolicies import ( Directive, Operation, parse_line, ) from python.cryptopolicies.validation.rules import MalformedLineError def test_parse_line(): assert parse_line('cipher = AES-128-GCM AES-256-GCM') == [ Directive(prop_name='cipher', scope='*', operation=Operation.RESET, value=None), Directive(prop_name='cipher', scope='*', operation=Operation.APPEND, value='AES-128-GCM'), Directive(prop_name='cipher', scope='*', operation=Operation.APPEND, value='AES-256-GCM'), ] assert parse_line('cipher@gnutls = +AES-128-GCM') == [ Directive(prop_name='cipher', scope='gnutls', operation=Operation.PREPEND, value='AES-128-GCM'), ] assert parse_line('cipher@*SSH = AES-128-CBC+ -NULL') == [ Directive(prop_name='cipher', scope='*ssh', operation=Operation.APPEND, value='AES-128-CBC'), Directive(prop_name='cipher', scope='*ssh', operation=Operation.OMIT, value='NULL'), ] assert parse_line('cipher =') == [ Directive(prop_name='cipher', scope='*', operation=Operation.RESET, value=None), ] assert parse_line('\t\t') == [] def test_parse_bad(): with pytest.raises(MalformedLineError): parse_line('a = b = c') with pytest.raises(MalformedLineError): parse_line('test') with pytest.raises(MalformedLineError): parse_line('=4') with pytest.raises(MalformedLineError): parse_line('=') crypto-policies-20251128.git19878fe/tests/unit/test_parse_rhs.py000066400000000000000000000037051511230041100243340ustar00rootroot00000000000000# SPDX-License-Identifier: LGPL-2.1-or-later # Copyright (c) 2021 Red Hat, Inc. 
import pytest

from python.cryptopolicies.cryptopolicies import Operation, parse_rhs
from python.cryptopolicies.validation.alg_lists import (
    AlgorithmClassUnknownError,
    AlgorithmEmptyMatchError,
)
from python.cryptopolicies.validation.rules import (
    BadEnumValueError,
    IntPropertyNonIntValueError,
    MixedDifferentialNonDifferentialError,
    NonIntPropertyIntValueError,
)


def test_parse_rhs():
    assert parse_rhs('+NULL', 'cipher') == [(Operation.PREPEND, 'NULL')]
    assert parse_rhs('-NULL', 'cipher') == [(Operation.OMIT, 'NULL')]
    assert parse_rhs('IDEA-CBC NULL', 'cipher') == [
        (Operation.RESET, None),
        (Operation.APPEND, 'IDEA-CBC'),
        (Operation.APPEND, 'NULL'),
    ]
    with pytest.raises(AlgorithmEmptyMatchError):
        parse_rhs('NULL NONEX', 'cipher')
    with pytest.raises(AlgorithmEmptyMatchError):
        parse_rhs('NULL NONEX-*', 'cipher')
    with pytest.raises(AlgorithmClassUnknownError):
        parse_rhs('NULL', 'nonex_algo_class')
    with pytest.raises(MixedDifferentialNonDifferentialError):
        parse_rhs('+IDEA-CBC NULL', 'cipher')

    with pytest.raises(IntPropertyNonIntValueError):
        parse_rhs('something', 'sha1_in_certs')
    with pytest.raises(NonIntPropertyIntValueError):
        parse_rhs('0', 'cipher')
    with pytest.raises(AlgorithmClassUnknownError):
        parse_rhs('0', 'nonex_algo_class')

    assert parse_rhs('DISABLE_ETM', 'etm') == [
        (Operation.SET_ENUM, 'DISABLE_ETM'),
    ]
    with pytest.raises(NonIntPropertyIntValueError):
        parse_rhs('0', 'etm')
    with pytest.raises(BadEnumValueError):
        parse_rhs('INVALID', 'etm')

    assert parse_rhs('RELAX', '__ems') == [(Operation.SET_ENUM, 'RELAX')]
    with pytest.raises(NonIntPropertyIntValueError):
        parse_rhs('0', '__ems')
    with pytest.raises(BadEnumValueError):
        parse_rhs('INVALID', '__ems')

crypto-policies-20251128.git19878fe/tests/unit/test_preprocess_text.py
# SPDX-License-Identifier: LGPL-2.1-or-later
# Copyright (c) 2021 Red Hat, Inc.
import textwrap

import pytest

from python.cryptopolicies.cryptopolicies import (
    PolicySyntaxDeprecationWarning,
    preprocess_text,
)


def test_preprocess_text_basics():
    assert (preprocess_text('a=b\nc=d#protocol = TLS1.2\ne=f')
            == 'a = b\nc = d\ne = f')
    assert preprocess_text('a=b\n#protocol = TLS1.2') == 'a = b'
    assert preprocess_text('# commented out protocol = TLS1.2') == ''


def test_preprocess_text_compat():
    with pytest.warns(PolicySyntaxDeprecationWarning):
        # doesn't move or rewrite the rule, just warns
        assert (preprocess_text('protocol = TLS1.2\na=b')
                == 'protocol = TLS1.2\na = b')
    with pytest.warns(PolicySyntaxDeprecationWarning):
        # moves the rule to the end, rewrites it
        assert (preprocess_text('ike_protocol = IKEv1\na=b')
                == 'a = b\nprotocol@IKE = IKEv1')
    with pytest.warns(PolicySyntaxDeprecationWarning):
        assert preprocess_text('''
            # reordering is intended
            ike_protocol = y
            protocol = x
            tls_cipher = a b
            cipher = a b c
            ssh_cipher = b c
        ''') == textwrap.dedent('''
            protocol = x
            cipher = a b c
            cipher@TLS = a b
            cipher@SSH = b c
            protocol@IKE = y
        ''').strip()


def test_preprocess_text_compat_problematic():
    with pytest.warns(PolicySyntaxDeprecationWarning):
        # moves the rule to the end, rewrites it
        assert (preprocess_text('tls_cipher = NULL+')
                == 'cipher@TLS = NULL+')
    with pytest.warns(PolicySyntaxDeprecationWarning):
        # moves the rule to the end, rewrites it
        assert (preprocess_text('tls_cipher = \\\n\\\nNULL+\na=b\\\n')
                == 'a = b\ncipher@TLS = NULL+')


def test_preprocess_text_compat_diamond_problem():
    with pytest.warns(PolicySyntaxDeprecationWarning):
        # previous behaviour: at the end of the policy (but not a subpolicy!)
        # derived properties were set to parent properties if missing;
        # e.g., ssh_cipher or tls_cipher were set to cipher
        # the current 'correct' way to disable ciphers, reordering is intended
        assert preprocess_text('''
            # policy
            tls_cipher = a b
            cipher = a b c
            ssh_cipher = b c
        ''') == textwrap.dedent('''
            cipher = a b c
            cipher@TLS = a b
            cipher@SSH = b c
        ''').strip()
    with pytest.warns(PolicySyntaxDeprecationWarning):
        assert preprocess_text('''
            # the current way of disabling ciphers
            ssh_cipher = -b
            cipher = -b
            tls_cipher = -b
        ''') == textwrap.dedent('''
            cipher = -b
            cipher@TLS = -b
            cipher@SSH = -b
        ''').strip()
    with pytest.warns(PolicySyntaxDeprecationWarning):
        # subpolicy which used to affect cipher & ssh_cipher, but not tls_cipher
        assert preprocess_text('''
            # subpolicy
            cipher = -b # used to not affect tls_cipher (compat insanity)!
            ssh_cipher = -b # does affect cipher@SSH
        ''') == textwrap.dedent('''
            cipher = -b
            cipher@SSH = -b
        ''').strip()

crypto-policies-20251128.git19878fe/tests/unit/test_scope_selector.py
# SPDX-License-Identifier: LGPL-2.1-or-later
# Copyright (c) 2021 Red Hat, Inc.
import pytest

from python.cryptopolicies.cryptopolicies import ScopeSelector
from python.cryptopolicies.validation.scope import (
    ScopeSelectorCommaError,
    ScopeSelectorCurlyBracketsError,
    ScopeSelectorEmptyError,
    ScopeSelectorIllegalCharacterError,
    ScopeSelectorMatchedNothingError,
    ScopeUnknownError,
)


def test_scope_selector_any():
    scope_any = ScopeSelector()
    assert str(scope_any) == ""
    assert scope_any.matches({'ssh'})
    assert scope_any.matches({'tls', 'gnutls'})
    assert scope_any.matches({})


def test_scope_selector_tls():
    scope_tls = ScopeSelector('tls')
    assert str(scope_tls) == ""
    assert scope_tls.matches({'tls', 'gnutls'})
    assert not scope_tls.matches({'ssh', 'openssh'})


def test_scope_selector_nontls():
    scope_nontls = ScopeSelector('!tls')
    assert not scope_nontls.matches({'tls', 'gnutls'})
    assert scope_nontls.matches({'ssh', 'openssh'})


def test_scope_selector_posglob():
    scope_posglob = ScopeSelector('tls*')
    assert str(scope_posglob) == ""
    assert scope_posglob.matches({'tls'})
    assert not scope_posglob.matches({'gnutls'})
    assert not scope_posglob.matches({'ssh'})
    assert not scope_posglob.matches({'openssh'})


def test_scope_selector_negglob():
    scope_negglob = ScopeSelector('!tls*')
    assert str(scope_negglob) == ""
    assert not scope_negglob.matches({'tls', 'gnutls'})
    assert scope_negglob.matches({'ssh', 'openssh'})


def test_scope_selector_posmixed():
    scope_posmixed = ScopeSelector('{*utls,ssh}')
    assert str(scope_posmixed) == ""
    assert scope_posmixed.matches({'tls', 'gnutls'})
    assert scope_posmixed.matches({'ssh', 'openssh'})
    assert not scope_posmixed.matches({'tls', 'openssl'})
    assert not scope_posmixed.matches({'krb5'})


def test_scope_selector_negmixed():
    scope_negmixed = ScopeSelector('!{*utls,ssh}')
    assert str(scope_negmixed) == ""
    assert not scope_negmixed.matches({'tls', 'gnutls'})
    assert not scope_negmixed.matches({'ssh', 'openssh'})
    assert scope_negmixed.matches({'tls', 'openssl'})
    assert scope_negmixed.matches({'krb5'})


def test_scope_selector_curly_brackets():
    for s in ('{', '}', '{a', '{a{', 'a{}', 'a}}', 'a}', '{{},a}'):
        with pytest.raises(ScopeSelectorCurlyBracketsError):
            ScopeSelector(s)


def test_scope_selector_empty():
    for s in ('', '!', '{}', '!{}', '{tls,}'):
        with pytest.raises(ScopeSelectorEmptyError):
            ScopeSelector(s)


def test_scope_selector_illegal_character():
    for s in (' ', '! ', '{ }', '!{ }', '3#', 'a+b'):
        with pytest.raises(ScopeSelectorIllegalCharacterError):
            ScopeSelector(s)


def test_scope_selector_comma():
    with pytest.raises(ScopeSelectorCommaError):
        ScopeSelector(',')
    with pytest.raises(ScopeSelectorCommaError):
        ScopeSelector('tls,ssh')


def test_scope_selector_unknown():
    with pytest.raises(ScopeUnknownError):
        ScopeSelector('nonex')
    with pytest.raises(ScopeUnknownError):
        ScopeSelector('!nonex')
    with pytest.raises(ScopeUnknownError):
        ScopeSelector('!{nonex,tls}')


def test_scope_selector_nomatch():
    with pytest.raises(ScopeSelectorMatchedNothingError):
        ScopeSelector('*nonex*')
    with pytest.raises(ScopeSelectorMatchedNothingError):
        ScopeSelector('!*nonex*')
    with pytest.raises(ScopeSelectorMatchedNothingError):
        ScopeSelector('{tls,*nonex*}')
    with pytest.raises(ScopeSelectorMatchedNothingError):
        ScopeSelector('!{tls,*nonex*}')

crypto-policies-20251128.git19878fe/tests/update-crypto-policies.sh
#!/bin/sh

set -e

umask 022

: ${top_srcdir=..}

progname="$0"
script="$top_srcdir/python/update-crypto-policies.py"
testdir=`mktemp -d -t "update-crypto-policies.XXXXXXXX"`
trap 'rm -rf $testdir' 0

profile_dir="$testdir/profile"
mkdir "$profile_dir"
base_dir="$testdir/base"
mkdir "$base_dir"
mkdir "$base_dir/local.d"

(cd "$top_srcdir" ; python/build-crypto-policies.py --reloadcmds policies "$profile_dir" 2>/dev/null)
cp -pr "$top_srcdir/policies" "$profile_dir"

echo DEFAULT > "$profile_dir/default-config"
echo DEFAULT > "$base_dir/config"

check_symlink() {
    for profile_file in "$profile_dir"/"$1"/*.txt; do
        profile_base=$(basename "$profile_file")
        config_file="$base_dir/back-ends/${profile_base%%.txt}.config"
        test -h "$config_file" || {
            echo "$progname: $config_file is not a symlink"
            exit 1
        }
        target_file=$(readlink "$config_file")
        test "$target_file" = "$profile_file" || {
            echo "$progname: $target_file is not a symlink to $profile_file"
            exit 1
        }
    done
}

echo "$0: checking if default profile is properly selected"
profile_dir="$profile_dir" base_dir="$base_dir" "$script" --no-reload
check_symlink DEFAULT

echo

check_compare() {
    for profile_file in "$profile_dir"/"$1"/*.txt; do
        profile_base=$(basename "$profile_file")
        config_file="$base_dir/back-ends/${profile_base%%.txt}.config"
        test ! -h "$config_file" || {
            echo "$progname: $config_file is a symlink"
            exit 1
        }
        cmp "$config_file" "$profile_file" || exit 1
    done
}

echo "$0: checking if current policy dump is equal to the original default profile"
mkdir -p "$base_dir/policies"
grep -q "^# Policy DEFAULT dump\$" "$base_dir/state/CURRENT.pol" || {
    echo "$progname: CURRENT.pol does not contain correct policy name"
    exit 1
}
cp "$base_dir/state/CURRENT.pol" "$base_dir/policies"
profile_dir="$profile_dir" base_dir="$base_dir" "$script" --no-reload --set CURRENT
check_compare DEFAULT

echo
echo "$0: checking if switching to other profile works"
profile_dir="$profile_dir" base_dir="$base_dir" "$script" --no-reload --set LEGACY
check_symlink LEGACY

check_local() {
    profile_file="$profile_dir"/"$1"/"$2".txt
    config_file="$base_dir/back-ends/$2.config"
    test -f "$config_file" || {
        echo "$progname: $config_file is not a regular file"
        exit 1
    }
    cat "$profile_file" "$base_dir/local.d"/"$2"-*.config > "$testdir/merged"
    diff -u "$config_file" "$testdir/merged" || {
        echo "$progname: $config_file is not properly merged"
        exit 1
    }
}

echo
echo "$0: checking if local.d works"
cat > "$base_dir/local.d/nss-foo.config" < "$base_dir/local.d/nss-bar.config" <> "$base_dir/back-ends/nss.config" < "$base_dir/back-ends/bind.config.new"
rm -f "$base_dir/back-ends/bind.config"
mv "$base_dir/back-ends/bind.config.new" "$base_dir/back-ends/bind.config"
cat >> "$base_dir/back-ends/bind.config" </jre/lib/security/java.security` file should be edited to contain
  `security.useSystemPropertiesFile=false` or the system property
  `java.security.disableSystemPropertiesFile` be set to `true`.
  Note that the system property `java.security.properties` is loaded with a
  lower preference than the crypto policies, so you can't use this property
  to override crypto policies without also preventing openjdk applications
  from adhering to the policy.

* Applications using libkrb5:
  No special treatment is required. Applications will follow the crypto
  policies by default. These applications inherit the settings for the
  permitted encryption types for tickets as well as the cryptographic key
  limits for the PKINIT protocol. A system-wide opt-out is available by
  deleting the /etc/krb5.conf.d/crypto-policies link.

* BIND:
  This application inherits the set of disabled algorithms. To opt out from
  the policy, remove the policy include directive in the named.conf file.

* OpenSSH:
  Both server and client applications inherit the cipher preferences, the
  key exchange algorithms as well as the GSSAPI key exchange algorithms.
  To opt out from the policy for the client, override the global ssh_config
  with a user-specific configuration in ~/.ssh/config. See ssh_config(5) for
  more information. To override some configuration option in the server, use
  the drop-in directory /etc/ssh/sshd_config.d/ to create a file
  lexicographically preceding 05-redhat.conf, which currently includes the
  crypto policies configuration file.

* Libreswan:
  Both servers and clients inherit the ESP and IKE preferences, if they are
  not overridden in the connection configuration file. Note that due to
  limitations of libreswan, crypto policies is restricted to supporting IKEv2.
  To opt out from the policy, comment out the line including
  `/etc/crypto-policies/back-ends/libreswan.config` from `/etc/ipsec.conf`.

* Applications using libssh:
  Both client and server applications using libssh will load the crypto
  policies by default. They inherit the cipher, key exchange, message
  authentication, and signature algorithm preferences.


[[policyconfig]]
POLICY CONFIGURATION
--------------------

One of the supported policies should be set in /etc/crypto-policies/config
and this script should be run afterwards.

In case of a parsing error, no policies will be updated.


CUSTOM POLICIES
---------------

The custom policies can take two forms. The first form is a full custom
policy file, which is supported by the update-crypto-policies tool in the
same way as the policies shipped along with the tool in the package.

The second form can be called a subpolicy or policy modifier. This form
modifies aspects of any base policy file by removing or adding algorithms or
protocols. The subpolicies can be appended on the update-crypto-policies
--set command line to the base policy, separated by the `:` character. There
can be multiple subpolicies appended. The resulting configuration is the
same as if the policy and subpolicies were concatenated together.

Let's suppose we have a subpolicy NO-SHA1 that drops support for the SHA1
hash and a subpolicy GOST that enables support for the various algorithms
specified in Russian GOST standards. You can set the DEFAULT policy with
disabled SHA1 support and enabled GOST support by running the following
command:

`update-crypto-policies --set DEFAULT:NO-SHA1:GOST`

This command generates and applies a configuration that is a modification of
the DEFAULT policy with the changes specified in the NO-SHA1 and GOST
subpolicies.


FILES
-----

/etc/crypto-policies/config::
    The file contains the system policy to be applied when
    `update-crypto-policies` is run without any arguments.
    It should contain a string of one of the policies listed in the
    *crypto-policies(7)* page (e.g., DEFAULT) or any custom policy name with
    subpolicies separated by the `:` character.
    The file is overwritten when `update-crypto-policies --set` is executed.

/etc/crypto-policies/back-ends::
    Contains the generated policies in separate files, and in a format
    readable by the supported back ends.

/etc/crypto-policies/local.d::
    Contains additional files to be appended to the generated policy files.
    The files present must adhere to $app-XXX.config file naming, where XXX
    is any arbitrary identifier. For example, to append a line to GnuTLS'
    generated policy, create a gnutls-extra-line.config file in local.d.
    This will be appended to the generated gnutls.config during
    update-crypto-policies. Please note that because the mechanism just
    appends a line to the back-end configuration, the effect varies among
    the back-ends. For some of the back-ends the override fully replaces the
    original policy and for other back-ends the override might not be
    effective at all.

/etc/crypto-policies/state/current::
    The file contains the current system policy name with any subpolicies
    as of the last execution of the `update-crypto-policies` command.

/etc/crypto-policies/state/CURRENT.pol::
    The file contains the current system policy definition with all the
    modifications from any subpolicies applied and is written when the
    `update-crypto-policies` command is executed.


SEE ALSO
--------
crypto-policies(7)


AUTHOR
------
Written by Nikos Mavrogiannopoulos.
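
The local.d behaviour described under FILES, together with the symlink versus merged-file states that tests/update-crypto-policies.sh checks, can be turned into a read-only audit. This is an added example, not part of crypto-policies: the function names, the `<policy>/<app>.txt` layout (taken from the test script), the sorted append order and the `stale`/`drift` labels are assumptions, and the sample tree is constructed.

```python
import fnmatch
import tempfile
from pathlib import Path


def local_files_for(app, local_d):
    """local.d files for one back-end, matched like check_local's "$2"-*.config."""
    return sorted(p for p in local_d.iterdir()
                  if fnmatch.fnmatch(p.name, f'{app}-*.config'))


def audit(profile, back_ends, local_d):
    """Classify every back-end config; return (report, unused local.d files)."""
    report, used = {}, set()
    for src in sorted(profile.glob('*.txt')):
        app = src.stem
        cfg = back_ends / f'{app}.config'
        extras = local_files_for(app, local_d)
        used.update(extras)
        if cfg.is_symlink():
            # A symlink to the generated file means nothing was appended;
            # 'stale' = local.d files exist but have not been merged yet.
            pristine = cfg.resolve() == src.resolve()
            state = 'drift' if not pristine else 'stale' if extras else 'symlink'
        elif cfg.is_file():
            # Assumed merge rule: generated policy, then local.d files in order.
            want = src.read_bytes() + b''.join(e.read_bytes() for e in extras)
            state = 'merged' if cfg.read_bytes() == want else 'drift'
        else:
            state = 'missing'
        report[app] = (state, [e.name for e in extras])
    orphans = sorted(p.name for p in local_d.iterdir() if p not in used)
    return report, orphans


def demo():
    """Constructed tree: nss merged, bind hand-edited, gnutls untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        profile, back_ends, local_d = (
            Path(tmp) / name for name in ('DEFAULT', 'back-ends', 'local.d'))
        for directory in (profile, back_ends, local_d):
            directory.mkdir()
        for app in ('nss', 'bind', 'gnutls'):
            (profile / f'{app}.txt').write_text(f'# generated {app} policy\n')
        (local_d / 'nss-foo.config').write_text('constructed-line-a\n')
        (local_d / 'nss-bar.config').write_text('constructed-line-b\n')
        (local_d / 'nssfoo.config').write_text('never appended\n')  # no "nss-"
        (back_ends / 'nss.config').write_text(
            '# generated nss policy\nconstructed-line-b\nconstructed-line-a\n')
        (back_ends / 'bind.config').write_text(
            '# generated bind policy\nmanual edit\n')
        (back_ends / 'gnutls.config').symlink_to(profile / 'gnutls.txt')
        return audit(profile, back_ends, local_d)


if __name__ == '__main__':
    for item in demo():
        print(item)
```

A `drift` result means the back-end file matches neither the generated policy nor the policy plus its local.d files, and an entry in the second list is a local.d file whose name matches no back-end and so is never appended.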