Re: easy way to stop old ssl's

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 11.10.19 22:40, Warren Young wrote:
> On Oct 11, 2019, at 12:12 PM, Jerry Geis <jerry.geis@xxxxxxxxx> wrote:
>>
>> is there a script that is available that can be ran to bring
>> a box up to current "accepted" levels ?
> 
> I don’t know why you’d use a script for this at all.  Just ship a new HTTPS configuration to each server.  Apache loads all *.conf files in its configuration directory, so you might be able to just add another file to the existing config set.  If not, then replace the existing config file instead.

Instead of configuring every application separataly it would be nice if
"accepted levels of security" could be set system wide.

With 8 it seems there is such a thing

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

Although I believe that FIPS mode is also available in 7

I did not used neither system wide cryptographic policies nor FIPS mode
so my post is more the theoretical one, but I thought it is on topic.

-- 
Kind Regards, Markus Falb

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux