search for: subpolicy

...to turn etm HMAC and chacha20 off, you should follow the RHEL security alert https://access.redhat.com/security/cve/cve-2023-48795 cipher at SSH = -CHACHA20-POLY1305 ssh_etm = 0 by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server. However I would NOT do that (since those ciphers are the modern alternatives), and instead update to openssh-server-8.0p1-15.el8_6.3.x86_64.rpm (see https://access.redhat.com/errata/R...

On Fri, Jan 26, 2024 at 7:24?PM Jochen Bern <Jochen.Bern at binect.de> wrote: > On 25.01.24 14:09, Kaushal Shriyan wrote: > > I am running the below servers on Red Hat Enterprise Linux release 8.7 > > How do I enable strong KexAlgorithms, Ciphers and MACs > > On RHEL 8, you need to be aware that there are "crypto policies" > modifying sshd's behaviour,