File Explorer

/proc/4/root/usr/share/crypto-policies/policies
This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.
1 dir
5 files
FUTURE.pol2.5 KB · 67 lines
1# A level that will provide security on a conservative level that is2# believed to withstand any near-term future attacks. And also provide3# some (not complete) preparation for post quantum encryption support4# in form of 256 bit symmetric encryption requirement.5# It provides at least an 128-bit security. This level may prevent6# communication with many used systems that provide weaker security levels7# (e.g., systems that use SHA-1 as signature algorithm).8 9# MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc)10# Curves: all prime >= 255 bits (including Bernstein curves)11# Signature algorithms: with SHA-256 hash or better (no DSA)12# TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers, no CBC ciphers13# non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers, CBC only for Kerberos14# key exchange: ECDHE, DHE (no DHE-DSS)15# DH params size: >= 307216# RSA params size: >= 307217# TLS protocols: TLS >= 1.2, DTLS >= 1.218 19mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-51220mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-51221 22group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \23        FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-819224 25hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-25626 27sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \28       ECDSA-SHA3-384 ECDSA-SHA2-384 \29       ECDSA-SHA3-512 ECDSA-SHA2-512 \30       EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \31       RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \32       RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \33       RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \34       RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \35       RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \36       RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \37       RSA-SHA3-256 RSA-SHA2-256 \38       RSA-SHA3-384 RSA-SHA2-384 \39       RSA-SHA3-512 RSA-SHA2-51240 41cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 \42         AES-256-CTR43cipher@Kerberos = AES-256-CBC+44 45cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY130546 47# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks48# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).49cipher@SSH = -*-CBC50 51key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS52 53protocol@TLS = TLS1.3 TLS1.2 DTLS1.254protocol@IKE = IKEv255 56# Parameter sizes57min_dh_size = 307258min_dsa_size = 3072  # DSA is disabled59min_rsa_size = 307260 61# GnuTLS only for now62sha1_in_certs = 063 64arbitrary_dh_groups = 165ssh_certs = 166etm@ssh = ANY67