⚝
One Hat Cyber Team
⚝
Your IP:
216.73.216.19
Server IP:
97.74.87.16
Server:
Linux 16.87.74.97.host.secureserver.net 5.14.0-503.38.1.el9_5.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Apr 18 08:52:10 EDT 2025 x86_64
Server Software:
Apache
PHP Version:
8.2.28
Buat File
|
Buat Folder
Eksekusi
Dir :
~
/
usr
/
share
/
crypto-policies
/
policies
/
View File Name :
FIPS.pol
# Only FIPS approved or allowed algorithms. It does not provide FIPS compliance # by itself, the FIPS validated crypto modules must be properly installed # and the machine must be booted into the FIPS mode. # MACs: SHA-256 or better # Curves: all prime >= 256 bits # Signature algorithms: with SHA-224 hash or better (no DSA) # TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, excluding AES-CBC) # key exchange: ECDHE, RSA, DHE (no DHE-DSS) # DH params size: >= 2048 # RSA params size: >= 2048 # TLS protocols: TLS >= 1.2, DTLS >= 1.2 mac = AEAD HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512 mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD HMAC-SHA2-512 group = SECP256R1 SECP521R1 SECP384R1 \ FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256 sign = ECDSA-SHA3-256 ECDSA-SHA2-256 \ ECDSA-SHA3-384 ECDSA-SHA2-384 \ ECDSA-SHA3-512 ECDSA-SHA2-512 \ RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \ RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \ RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \ RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \ RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \ RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \ RSA-SHA3-256 RSA-SHA2-256 \ RSA-SHA3-384 RSA-SHA2-384 \ RSA-SHA3-512 RSA-SHA2-512 \ ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 cipher = AES-256-GCM AES-256-CCM AES-256-CTR \ AES-128-GCM AES-128-CCM AES-128-CTR cipher@TLS = AES-256-GCM AES-256-CCM \ AES-128-GCM AES-128-CCM # Kerberos is an exception, # we allow CBC CTS ciphers as there are no other options cipher@Kerberos = AES-256-CBC AES-128-CBC key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK protocol@TLS = TLS1.3 TLS1.2 DTLS1.2 protocol@IKE = IKEv2 # Parameter sizes min_dh_size = 2048 min_dsa_size = 2048 # DSA is disabled min_rsa_size = 2048 # GnuTLS only for now sha1_in_certs = 0 arbitrary_dh_groups = 1 ssh_certs = 1 etm@SSH = ANY __ems = ENFORCE