highsystemverified ✓rollback-safe
Disable weak cryptographic algorithms
crypto-policy-no-weak · RHEL ≥ 8 · 1 impl
Description
The system must not allow the use of weak cryptographic algorithms such as DES, 3DES, RC4, or MD5 for cryptographic operations.
Rationale
Weak cryptographic algorithms can be broken with modern computing power, compromising the confidentiality and integrity of encrypted data. Only strong algorithms should be permitted.
Check → Remediate
Checkcommand
update-crypto-policies --show | grep -qvE 'LEGACY|DEFAULT:.*weak'
- expected_exit:
- 0
Remediatecrypto_policy_set
- policy:
- DEFAULT
Framework references
CIS
rhel9 1.6.1rhel8 1.6.1rhel10 1.6.1
STIG
V-257995
NIST 800-53
SC-12SC-13
Live verification
rhel10:checkrhel8:checkrhel9:check
#crypto-policy#cryptography#weak-algorithms#stig