File Explorer

/proc/self/task/9/root/usr/share/crypto-policies/policies

This explorer reads the filesystem of the server it runs on, so /workspace/user isn't present here. Browsing and the terminal still work against this server's own disk from /.

1 dir
5 files

DEFAULT.pol2.4 KB · 70 lines

1# A reasonable default for today's standards.2# It should provide 112-bit security.3# SHA1 is allowed in HMAC where collision resistance does not matter.4 5# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)6# Curves: all prime >= 255 bits (including Bernstein curves)7# Signature algorithms: with SHA-224 hash or better (no DSA)8# Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20)9# key exchange: ECDHE, RSA, DHE (no DHE-DSS)10# DH params size: >= 204811# RSA params size: >= 204812# TLS protocols: TLS >= 1.2, DTLS >= 1.213 14mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-51215mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA116 17group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \18        FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-819219 20hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \21       SHAKE-25622 23sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \24       ECDSA-SHA3-384 ECDSA-SHA2-384 \25       ECDSA-SHA3-512 ECDSA-SHA2-512 \26       EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \27       RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \28       RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \29       RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \30       RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \31       RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \32       RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \33       RSA-SHA3-256 RSA-SHA2-256 \34       RSA-SHA3-384 RSA-SHA2-384 \35       RSA-SHA3-512 RSA-SHA2-512 \36       ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \37       ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-22438 39cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 \40    AES-256-CTR AES-256-CBC \41    AES-128-GCM AES-128-CCM \42    AES-128-CTR AES-128-CBC43 44cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \45    AES-128-GCM AES-128-CCM AES-128-CBC46 47 48# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks49# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).50cipher@SSH = -*-CBC51 52# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have53# interoperability issues in TLS.54key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS55 56protocol@TLS = TLS1.3 TLS1.2 DTLS1.257protocol@IKE = IKEv258 59# Parameter sizes60min_dh_size = 204861min_dsa_size = 2048  # DSA is disabled62min_rsa_size = 204863 64# GnuTLS only for now65sha1_in_certs = 066 67arbitrary_dh_groups = 168ssh_certs = 169etm@SSH = ANY70