HEX

File: //proc/self/root/etc/crypto-policies/back-ends/gnutls.config
[global]
override-mode = allowlist

[overrides]
secure-hash = SHA256
secure-hash = SHA384
secure-hash = SHA512
secure-hash = SHA3-256
secure-hash = SHA3-384
secure-hash = SHA3-512
secure-hash = SHA224
secure-hash = SHA3-224
secure-hash = SHAKE-256
secure-hash = SHA1
tls-enabled-mac = AEAD
tls-enabled-mac = SHA1
tls-enabled-mac = SHA512
tls-enabled-group = GROUP-X25519
tls-enabled-group = GROUP-SECP256R1
tls-enabled-group = GROUP-X448
tls-enabled-group = GROUP-SECP521R1
tls-enabled-group = GROUP-SECP384R1
tls-enabled-group = GROUP-FFDHE2048
tls-enabled-group = GROUP-FFDHE3072
tls-enabled-group = GROUP-FFDHE4096
tls-enabled-group = GROUP-FFDHE6144
tls-enabled-group = GROUP-FFDHE8192
secure-sig = ECDSA-SHA3-256
secure-sig = ECDSA-SHA256
secure-sig = ECDSA-SECP256R1-SHA256
secure-sig = ECDSA-SHA3-384
secure-sig = ECDSA-SHA384
secure-sig = ECDSA-SECP384R1-SHA384
secure-sig = ECDSA-SHA3-512
secure-sig = ECDSA-SHA512
secure-sig = ECDSA-SECP521R1-SHA512
secure-sig = EdDSA-Ed25519
secure-sig = EdDSA-Ed448
secure-sig = RSA-PSS-SHA256
secure-sig = RSA-PSS-SHA384
secure-sig = RSA-PSS-SHA512
secure-sig = RSA-PSS-RSAE-SHA256
secure-sig = RSA-PSS-RSAE-SHA384
secure-sig = RSA-PSS-RSAE-SHA512
secure-sig = RSA-SHA3-256
secure-sig = RSA-SHA256
secure-sig = RSA-SHA3-384
secure-sig = RSA-SHA384
secure-sig = RSA-SHA3-512
secure-sig = RSA-SHA512
secure-sig = ECDSA-SHA224
secure-sig = RSA-SHA224
secure-sig = ECDSA-SHA3-224
secure-sig = RSA-SHA3-224
secure-sig = ECDSA-SHA1
secure-sig = RSA-SHA1
secure-sig-for-cert = ECDSA-SHA3-256
secure-sig-for-cert = ECDSA-SHA256
secure-sig-for-cert = ECDSA-SECP256R1-SHA256
secure-sig-for-cert = ECDSA-SHA3-384
secure-sig-for-cert = ECDSA-SHA384
secure-sig-for-cert = ECDSA-SECP384R1-SHA384
secure-sig-for-cert = ECDSA-SHA3-512
secure-sig-for-cert = ECDSA-SHA512
secure-sig-for-cert = ECDSA-SECP521R1-SHA512
secure-sig-for-cert = EdDSA-Ed25519
secure-sig-for-cert = EdDSA-Ed448
secure-sig-for-cert = RSA-PSS-SHA256
secure-sig-for-cert = RSA-PSS-SHA384
secure-sig-for-cert = RSA-PSS-SHA512
secure-sig-for-cert = RSA-PSS-RSAE-SHA256
secure-sig-for-cert = RSA-PSS-RSAE-SHA384
secure-sig-for-cert = RSA-PSS-RSAE-SHA512
secure-sig-for-cert = RSA-SHA3-256
secure-sig-for-cert = RSA-SHA256
secure-sig-for-cert = RSA-SHA3-384
secure-sig-for-cert = RSA-SHA384
secure-sig-for-cert = RSA-SHA3-512
secure-sig-for-cert = RSA-SHA512
secure-sig-for-cert = ECDSA-SHA224
secure-sig-for-cert = RSA-SHA224
secure-sig-for-cert = ECDSA-SHA3-224
secure-sig-for-cert = RSA-SHA3-224
secure-sig-for-cert = ECDSA-SHA1
secure-sig-for-cert = RSA-SHA1
secure-sig-for-cert = rsa-sha1
secure-sig-for-cert = dsa-sha1
secure-sig-for-cert = ecdsa-sha1
enabled-curve = X25519
enabled-curve = SECP256R1
enabled-curve = X448
enabled-curve = SECP521R1
enabled-curve = SECP384R1
enabled-curve = Ed25519
enabled-curve = Ed448
tls-enabled-cipher = AES-256-GCM
tls-enabled-cipher = AES-256-CCM
tls-enabled-cipher = CHACHA20-POLY1305
tls-enabled-cipher = AES-256-CBC
tls-enabled-cipher = AES-128-GCM
tls-enabled-cipher = AES-128-CCM
tls-enabled-cipher = AES-128-CBC
tls-enabled-kx = ECDHE-RSA
tls-enabled-kx = ECDHE-ECDSA
tls-enabled-kx = RSA
tls-enabled-kx = DHE-RSA
enabled-version = TLS1.3
enabled-version = TLS1.2
enabled-version = DTLS1.2
min-verification-profile = medium

[priorities]
SYSTEM=NONE