JRehkemper.de

Change Crypto Policy

Your OS only accepts a limited set of cryptographic algorithms. That way you only use algorithms that are considered safe. This is really important. Otherwise you might think you are using an encrypted connection while in fact it is easily hackable.

Ideally you should never need to change these settings and should replace the algorithm with a newer one instead. But sometimes that is not possible. I had an example where a root certificate used an old encryption algorithm and I had no control over this certificate.

To use it anyway you can change your crypto policy.

Display your Crypto Policy

First you should display your current one.

[tux@server]$ update-crypto-policies --show
DEFAULT

Change your Crypto Policy

If you want to change it, do it like so. Setting a policy requires root privileges.

[tux@server]$ sudo update-crypto-policies --set LEGACY
Setting system policy to LEGACY

After that a reboot will be required.

You can also set the policy to FUTURE if you want an even stricter and more secure policy.

[tux@server]$ sudo update-crypto-policies --set FUTURE
Setting system policy to FUTURE
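
To find hosts that were left on LEGACY, or where the configured policy was never applied, the policy files can be read directly. This script is an added example, not from the original post: the helper names are hypothetical, and the paths /etc/crypto-policies/config and /etc/crypto-policies/state/current are where the crypto-policies package on RHEL and Fedora keeps the configured and the applied policy (they are not mentioned above).

```shell
#!/bin/sh
# Added example, not from the original post. audit_crypto_policy and
# read_policy are hypothetical helper names.

# Print the first meaningful line of a policy file: comments and
# whitespace removed, blank lines skipped.
read_policy() {
    [ -r "$1" ] || return 1
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1" | head -n 1
}

# Usage: audit_crypto_policy [ROOT]
# ROOT is an optional filesystem root (mounted image, test tree).
# Prints one verdict line; returns 0 = fine, 1 = needs attention, 2 = unknown.
audit_crypto_policy() {
    root="${1:-}"
    configured=$(read_policy "$root/etc/crypto-policies/config") || configured=""
    applied=$(read_policy "$root/etc/crypto-policies/state/current") || applied=""

    if [ -z "$configured" ] || [ -z "$applied" ]; then
        echo "UNKNOWN policy files missing or empty"
        return 2
    fi
    # config edited by hand, but update-crypto-policies was not run afterwards
    if [ "$configured" != "$applied" ]; then
        echo "DRIFT configured=$configured applied=$applied"
        return 1
    fi
    case "$applied" in
        LEGACY*)
            # weak algorithms are accepted system-wide, not just for one peer
            echo "WEAKENED $applied"; return 1 ;;
        *:*)
            # POLICY:MODULE form, modifiers can relax or tighten the base policy
            echo "REVIEW $applied"; return 1 ;;
        DEFAULT|FUTURE|FIPS)
            echo "OK $applied"; return 0 ;;
        *)
            # custom policy name, its meaning depends on the local definition
            echo "REVIEW $applied"; return 1 ;;
    esac
}

# Check the live system only when called as: sh script.sh --run [ROOT]
if [ "${1:-}" = "--run" ]; then
    audit_crypto_policy "${2:-}"
fi
```

A WEAKENED result is a reminder that LEGACY applies to every application on the host, so it is worth recording why it was set and switching back to DEFAULT once the old certificate is replaced.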

Jannik Rehkemper

I'm a professional Linux Administrator and Hobby Programmer. My training as an IT-Professional started in 2019 and ended in 2022. Since 2023 I'm working as a Linux Administrator.