Check the active policy:

update-crypto-policies --show

Apply a new policy:

update-crypto-policies --set <POLICY>

Supported Policy Levels

  • DEFAULT: Reasonable, interoperable defaults for modern systems (eliminates legacy protocols).
  • FUTURE: Conservative security profile using stricter cryptographic strengths (e.g., 256-bit ciphers only, disables older algorithms).
  • LEGACY: Maximizes interoperability with older devices by allowing legacy algorithms (like RC4, 3DES).
  • FIPS: Applies only algorithms permitted by FIPS 140 compliance requirements.

Example:

[root@testbox ~]# update-crypto-policies --show
DEFAULT
[root@testbox ~]#

[root@testbox ~]# update-crypto-policies --set LEGACY
Setting system policy to LEGACY
Note: System-wide crypto policies are applied on application start-up.
It is recommended to restart the system for the change of policies
to fully take place.
[root@testbox ~]#

[root@testbox ~]# update-crypto-policies --show
LEGACY
[root@testbox ~]#
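
A policy check built on the commands above, as an added example that is not part of the original page: it fails when the active policy level is outside an allowed set, which catches a host left on LEGACY as in the transcript. The ALLOWED baseline and the audit_policy helper are assumptions of this example, as is treating anything after a ':' in the reported value as subpolicy modifiers that need manual review.

```shell
#!/bin/sh
# Added example, not from the original page: gate on the active crypto policy.
# Assumption: this allowed set is a site decision; adjust it to your standard.
ALLOWED="DEFAULT FUTURE FIPS"

# audit_policy ACTIVE [ALLOWED_LEVEL...]
# Prints a verdict and returns:
#   0 = level is allowed, 1 = level is not allowed,
#   2 = allowed level with modifiers (manual review), 3 = no value to check.
audit_policy() {
  active=$(printf '%s' "$1" | tr -d '[:space:]')
  shift
  [ -n "$active" ] || { echo "UNKNOWN: no policy value"; return 3; }

  base=${active%%:*}                            # text before the first ':' is the level
  mods=""
  [ "$base" = "$active" ] || mods=${active#*:}  # the rest is the modifier list

  for ok in "$@"; do
    if [ "$base" = "$ok" ]; then
      if [ -n "$mods" ]; then
        echo "REVIEW: $base with modifiers $mods"
        return 2
      fi
      echo "OK: $base"
      return 0
    fi
  done
  echo "FAIL: $base is not in the allowed set"
  return 1
}

# Check the live system only where the tool is installed.
if command -v update-crypto-policies >/dev/null 2>&1; then
  # shellcheck disable=SC2086  # ALLOWED is split into separate words on purpose
  audit_policy "$(update-crypto-policies --show)" $ALLOWED ||
    echo "crypto policy needs attention on this host" >&2
fi
```

Because policies are applied on application start-up, a passing result describes the configured policy; services started before the last change may still be using the previous one until they are restarted.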