CME-401

System-wide Crypto Policy (FUTURE)

Description

Centrally enforces minimum cryptographic standards across all system components (OpenSSL, GnuTLS, NSS, OpenSSH, Kerberos). The FUTURE policy disables TLS <1.2, SHA-1, RSA <3072, all CBC ciphers, and RC4.

CVSS Vector Impacts

| Metric | Transition | Rationale |
|---|---|---|
| Attack Complexity (AC) | L → H | Weak cipher downgrade attacks are impossible; only strong algorithms available |

CWE Relationships

Verification

Check system crypto policy level

$ update-crypto-policies --show
# Expected: FUTURE
Platform: rhel
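
A stricter form of the check above, as an added example that is not part of the original entry. It passes only when the policy is exactly FUTURE, flags any `FUTURE:<subpolicy>` combination for review, and confirms the configured policy has been applied. The function names `classify_policy` and `verify_system` are hypothetical, and it assumes the installed `update-crypto-policies` supports `--is-applied`.

```shell
#!/bin/sh
# Added example: audit helper around "update-crypto-policies --show".

# classify_policy POLICY_STRING
# Prints a verdict; returns 0 only when the policy is exactly FUTURE.
classify_policy() {
    policy=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$policy" in
        FUTURE)
            echo "PASS"; return 0 ;;
        FUTURE:*)
            # A subpolicy modifies the base policy and can re-enable
            # algorithms, so it is flagged for review instead of passing.
            echo "REVIEW subpolicy=${policy#FUTURE:}"; return 2 ;;
        "")
            echo "FAIL empty"; return 1 ;;
        *)
            echo "FAIL policy=$policy"; return 1 ;;
    esac
}

# verify_system: run the check against the local host.
verify_system() {
    shown=$(update-crypto-policies --show) || { echo "FAIL cannot-query"; return 1; }
    verdict=$(classify_policy "$shown") || { rc=$?; echo "$verdict"; return "$rc"; }
    # The configured policy must also be the one applied to the back ends.
    if ! update-crypto-policies --is-applied >/dev/null 2>&1; then
        echo "FAIL configured-but-not-applied"; return 1
    fi
    echo "$verdict"
}

# Query the live system only when asked to: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    verify_system
fi
```

Exit status 0 means pass, 2 means a subpolicy needs manual review, and 1 means the host does not meet the FUTURE requirement.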

References
