{"description": "Linux has the capability to centrally configure cryptographic polices. The command\nupdate-crypto-policies is used to set the policy applicable for the various\ncryptographic back-ends, such as SSL/TLS libraries. The configured cryptographic\npolicies will be the default policy used by these backends unless the application\nuser configures them otherwise. When the system has been configured to use the\ncentralized cryptographic policies, the administrator is assured that any application\nthat utilizes the supported backends will follow a policy that adheres to the\nconfigured profile.\n\nCurrently the supported backends are:\n\n- GnuTLS library
\n- OpenSSL library
\n- NSS library
\n- OpenJDK
\n- Libkrb5
\n- BIND
\n- OpenSSH
\n
\nApplications and languages which rely on any of these backends will follow the\nsystem policies as well. Examples are apache httpd, nginx, php, and others.", "warnings": [], "requires": [], "conflicts": [], "values": ["var_ssh_client_rekey_limit_size", "var_ssh_client_rekey_limit_time", "var_system_crypto_policy"], "groups": {}, "rules": ["configure_bind_crypto_policy", "configure_crypto_policy", "configure_custom_crypto_policy_cis", "configure_gnutls_tls_crypto_policy", "configure_kerberos_crypto_policy", "configure_libreswan_crypto_policy", "configure_openssl_crypto_policy", "configure_openssl_tls_crypto_policy", "configure_ssh_crypto_policy", "harden_openssl_crypto_policy", "harden_ssh_client_crypto_policy", "harden_sshd_ciphers_openssh_conf_crypto_policy", "harden_sshd_ciphers_opensshserver_conf_crypto_policy", "harden_sshd_crypto_policy", "harden_sshd_macs_openssh_conf_crypto_policy", "harden_sshd_macs_opensshserver_conf_crypto_policy", "openssl_use_strong_entropy", "package_crypto-policies_installed"], "platform": "", "platforms": [], "inherited_platforms": [], "cpe_platform_names": [], "title": "System Cryptographic Policies", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/software/integrity/crypto/group.yml"}