Information
The system-wide crypto-policies followed by the crypto core components allow consistently deprecating and disabling algorithms system-wide.
The individual policy levels (DEFAULT, LEGACY, FUTURE, and FIPS) are included in the crypto-policies(7) package.
If the LEGACY system-wide crypto policy is selected, it includes support for TLS 1.0, TLS 1.1, and SSH2 protocols or later. The algorithms DSA, 3DES, and RC4 are allowed, while RSA and Diffie-Hellman parameters are accepted if larger than 1023 bits.
These legacy protocols and algorithms can make the system vulnerable to attacks, including those listed in RFC 7457.
Environments that require compatibility with older insecure protocols may require the use of the less secure LEGACY policy level.
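A check for the condition described above, added here as an example and not part of the original benchmark text: it reads a crypto-policies config file and flags a LEGACY base policy, including when a subpolicy modifier follows it. It assumes the selected policy is stored as a single line in /etc/crypto-policies/config; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a crypto-policies config selects LEGACY.
# Assumption: the selected policy is recorded as one line, for example
# "DEFAULT" or "LEGACY:AD-SUPPORT", in /etc/crypto-policies/config.

# Print the configured policy (first non-comment, non-blank line), uppercased.
policy_from_config() {
    [ -r "$1" ] || return 2
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        awk 'NF { print toupper($0); exit }'
}

# Return 0 if the base policy is LEGACY, 1 if it is not, 2 if unknown.
is_legacy_policy() {
    policy=$(policy_from_config "$1") || return 2
    [ -n "$policy" ] || return 2
    base=${policy%%:*}    # drop subpolicy modifiers after the first ':'
    [ "$base" = "LEGACY" ]
}

# Print a PASS/FAIL/ERROR line for one config file.
audit() {
    rc=0
    is_legacy_policy "$1" || rc=$?
    case $rc in
        0) echo "FAIL: $(policy_from_config "$1") is configured" ;;
        1) echo "PASS: $(policy_from_config "$1") is configured" ;;
        *) echo "ERROR: cannot determine policy from $1" ;;
    esac
}

# Write the given lines to a temporary file and print its path.
make_sample() {
    f=$(mktemp) && printf '%s\n' "$@" > "$f" && echo "$f"
}

# Constructed sample configs, so the example runs without touching /etc.
s1=$(make_sample '# constructed sample' 'DEFAULT')
s2=$(make_sample 'legacy:AD-SUPPORT')
audit "$s1"
audit "$s2"
rm -f "$s1" "$s2"
```

On a live system, call `audit /etc/crypto-policies/config`; `update-crypto-policies --show` prints the policy currently applied.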
Solution
Run the following command to change the system-wide crypto policy:
# update-crypto-policies --set <CRYPTO POLICY>
Example:
# update-crypto-policies --set DEFAULT
Run the following to make the updated system-wide crypto policy active