CCE

CCE-99418-6

Platform: cpe:/o:redhat:enterprise_linux:9, cpe:/o:redhat:enterprise_linux:8, cpe:/o:oracle:linux:8
Date: (C)2024-04-23   (M)2024-04-23



The system-wide crypto-policies followed by the crypto core components allow consistently deprecating and disabling algorithms system-wide.

Rationale:
If the Legacy system-wide crypto policy is selected, it includes support for TLS 1.0, TLS 1.1, and SSH2 protocols or later. The algorithms DSA, 3DES, and RC4 are allowed, while RSA and Diffie-Hellman parameters are accepted if larger than 1023-bits. These legacy protocols and algorithms can make the system vulnerable to attacks, including those listed in RFC 7457.

Audit:
Run the following command to verify that the system-wide crypto policy is not LEGACY:
# grep -E -i '^\s*LEGACY\s*(\s+#.*)?$' /etc/crypto-policies/config

Fix:
Run the following command to change the system-wide crypto policy:
# update-crypto-policies --set DEFAULT
# update-crypto-policies
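The audit pattern above matches only a line consisting of the bare word LEGACY, so a policy written with a subpolicy modifier would not be reported. The script below is an added example, not part of the SCAP Repo entry: it reads the config file and checks the base policy name; the function names and the sample file contents (including the LEGACY:AD-SUPPORT line) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a crypto-policies config file for the LEGACY policy.
# Function names and sample inputs are assumptions of this example.

# Print the configured policy string: the first line that is neither blank
# nor a comment, with any trailing comment and surrounding whitespace removed.
read_policy() {
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        awk 'NF { print; exit }'
}

# Exit status: 0 = base policy is not LEGACY, 1 = LEGACY (with or without
# subpolicy modifiers), 2 = file unreadable or no policy line found.
audit_crypto_policy() {
    cfg=${1:-/etc/crypto-policies/config}
    [ -r "$cfg" ] || { echo "UNKNOWN: cannot read $cfg"; return 2; }
    policy=$(read_policy "$cfg")
    [ -n "$policy" ] || { echo "UNKNOWN: no policy set in $cfg"; return 2; }
    # Keep the text before the first ':' and compare case-insensitively,
    # mirroring the -i flag of the grep audit command.
    base=$(printf '%s' "${policy%%:*}" | tr '[:lower:]' '[:upper:]')
    if [ "$base" = "LEGACY" ]; then
        echo "FAIL: $cfg sets $policy"
        return 1
    fi
    echo "PASS: $cfg sets $policy"
    return 0
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d)
printf 'DEFAULT\n' > "$tmp/default"
printf '# set by admin\nLEGACY:AD-SUPPORT  # constructed\n' > "$tmp/legacy"
for f in "$tmp/default" "$tmp/legacy"; do
    audit_crypto_policy "$f" || :
done
rm -rf "$tmp"
```

On a real host, call `audit_crypto_policy` with no argument to check /etc/crypto-policies/config.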


Parameter:

[DEFAULT/LEGACY (Not recommended)/FUTURE/FIPS]


Technical Mechanism:

Run the following command to change the system-wide crypto policy:
# update-crypto-policies --set DEFAULT
# update-crypto-policies

CCSS Severity:
CCSS Score: 7.3
Exploit Score: 1.8
Impact Score: 5.5
Severity: HIGH
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H

CCSS Metrics:
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: HIGH
Availability: HIGH

References:
Resource Id | Reference
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:97470
SCAP Repo OVAL Definition | oval:org.secpod.oval:def:96247


OVAL    2
oval:org.secpod.oval:def:96247
oval:org.secpod.oval:def:97470
XCCDF    3
xccdf_org.secpod_benchmark_general_RHEL_8
xccdf_org.secpod_benchmark_general_OEL_8
xccdf_org.secpod_benchmark_general_RHEL_9

© SecPod Technologies