JFIF$        dd7 

Viewing File: /usr/share/crypto-policies/policies/FUTURE.pol

# A level that will provide security on a conservative level that is
# believed to withstand any near-term future attacks. And also provide
# some (not complete) preparation for post quantum encryption support
# in form of 256 bit symmetric encryption requirement.
# It provides at least an 128-bit security. This level may prevent
# communication with many used systems that provide weaker security levels
# (e.g., systems that use SHA-1 as signature algorithm).

# MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers, no CBC ciphers
# non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers, CBC only for Kerberos
# key exchange: ECDHE, DHE (no DHE-DSS)
# DH params size: >= 3072
# RSA params size: >= 3072
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512

group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
        FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256
hash@RPM = SHA1+

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
       ECDSA-SHA3-384 ECDSA-SHA2-384 \
       ECDSA-SHA3-512 ECDSA-SHA2-512 \
       EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
       RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
       RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
       RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
       RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
       RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
       RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
       RSA-SHA3-256 RSA-SHA2-256 \
       RSA-SHA3-384 RSA-SHA2-384 \
       RSA-SHA3-512 RSA-SHA2-512

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 \
         AES-256-CTR
cipher@Kerberos = AES-256-CBC+

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305

cipher@RPM = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX

# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 3072
min_dsa_size = 3072  # DSA is disabled
min_rsa_size = 3072

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@ssh = ANY
Back to Directory  nL+D550H?Mx ,D"v]qv;6*Zqn)ZP0!1 A "#a$2Qr D8 a Ri[f\mIykIw0cuFcRı?lO7к_f˓[C$殷WF<_W ԣsKcëIzyQy/_LKℂ;C",pFA:/]=H  ~,ls/9ć:[=/#f;)x{ٛEQ )~ =𘙲r*2~ a _V=' kumFD}KYYC)({ *g&f`툪ry`=^cJ.I](*`wq1dđ#̩͑0;H]u搂@:~וKL Nsh}OIR*8:2 !lDJVo(3=M(zȰ+i*NAr6KnSl)!JJӁ* %݉?|D}d5:eP0R;{$X'xF@.ÊB {,WJuQɲRI;9QE琯62fT.DUJ;*cP A\ILNj!J۱+O\͔]ޒS߼Jȧc%ANolՎprULZԛerE2=XDXgVQeӓk yP7U*omQIs,K`)6\G3t?pgjrmۛجwluGtfh9uyP0D;Uڽ"OXlif$)&|ML0Zrm1[HXPlPR0'G=i2N+0e2]]9VTPO׮7h(F*癈'=QVZDF,d߬~TX G[`le69CR(!S2!P <0x<!1AQ "Raq02Br#SCTb ?Ζ"]mH5WR7k.ۛ!}Q~+yԏz|@T20S~Kek *zFf^2X*(@8r?CIuI|֓>^ExLgNUY+{.RѪ τV׸YTD I62'8Y27'\TP.6d&˦@Vqi|8-OΕ]ʔ U=TL8=;6c| !qfF3aů&~$l}'NWUs$Uk^SV:U# 6w++s&r+nڐ{@29 gL u"TÙM=6(^"7r}=6YݾlCuhquympǦ GjhsǜNlɻ}o7#S6aw4!OSrD57%|?x>L |/nD6?/8w#[)L7+6〼T ATg!%5MmZ/c-{1_Je"|^$'O&ޱմTrb$w)R$& N1EtdU3Uȉ1pM"N*(DNyd96.(jQ)X 5cQɎMyW?Q*!R>6=7)Xj5`J]e8%t!+'!1Q5 !1 AQaqё#2"0BRb?Gt^## .llQT $v,,m㵜5ubV =sY+@d{N! dnO<.-B;_wJt6;QJd.Qc%p{ 1,sNDdFHI0ГoXшe黅XۢF:)[FGXƹ/w_cMeD,ʡcc.WDtA$j@:) -# u c1<@ۗ9F)KJ-hpP]_x[qBlbpʖw q"LFGdƶ*s+ډ_Zc"?%t[IP 6J]#=ɺVvvCGsGh1 >)6|ey?Lӣm,4GWUi`]uJVoVDG< SB6ϏQ@ TiUlyOU0kfV~~}SZ@*WUUi##; s/[=!7}"WN]'(L! ~y5g9T̅JkbM' +s:S +B)v@Mj e Cf jE 0Y\QnzG1д~Wo{T9?`Rmyhsy3!HAD]mc1~2LSu7xT;j$`}4->L#vzŏILS ֭T{rjGKC;bpU=-`BsK.SFw4Mq]ZdHS0)tLg