|
 |
99b432 |
diff --git a/update-crypto-policies.8.txt b/update-crypto-policies.8.txt
|
|
|
99b432 |
index 7a1564c..3655ba8 100644
|
|
|
99b432 |
--- a/update-crypto-policies.8.txt
|
|
|
99b432 |
+++ b/update-crypto-policies.8.txt
|
|
|
99b432 |
@@ -32,24 +32,13 @@ SYNOPSIS
|
|
|
99b432 |
|
|
|
99b432 |
DESCRIPTION
|
|
|
99b432 |
-----------
|
|
|
99b432 |
-update-crypto-policies(8) is used to set the policy applicable for the
|
|
|
99b432 |
+*update-crypto-policies(8)* is used to set the policy applicable for the
|
|
|
99b432 |
various cryptographic back-ends, such as SSL/TLS libraries. That will
|
|
|
99b432 |
be the default policy used by these back-ends unless the application user
|
|
|
99b432 |
configures them otherwise.
|
|
|
99b432 |
|
|
|
99b432 |
-The available policies are restricted to the following profiles.
|
|
|
99b432 |
-
|
|
|
99b432 |
-* LEGACY: Ensures maximum compatibility with legacy systems (64-bit
|
|
|
99b432 |
- security)
|
|
|
99b432 |
-
|
|
|
99b432 |
-* DEFAULT: A reasonable default for today's standards (80-bit security).
|
|
|
99b432 |
-
|
|
|
99b432 |
-* FUTURE: A level that will provide security on a conservative level that is
|
|
|
99b432 |
- believed to withstand any near-term future attacks (112-bit security).
|
|
|
99b432 |
-
|
|
|
99b432 |
-* FIPS: Policy that enables only FIPS 140-2 approved or allowed algorithms.
|
|
|
99b432 |
-
|
|
|
99b432 |
-* EMPTY: All cryptographic algorithms are disabled (used for debugging only)
|
|
|
99b432 |
+The available policies are described in the *crypto-policies(7)* manual
|
|
|
99b432 |
+page.
|
|
|
99b432 |
|
|
|
99b432 |
The desired system policy is selected in /etc/crypto-policies/config
|
|
|
99b432 |
and this tool will generate the individual policy requirements for
|
|
|
99b432 |
@@ -201,10 +190,11 @@ In case of a parsing error no policies will be updated.
|
|
|
99b432 |
FILES
|
|
|
99b432 |
-----
|
|
|
99b432 |
/etc/crypto-policies/config::
|
|
|
99b432 |
- The file contains the current system policy. It should contain a string of one of the profiles listed above (e.g., DEFAULT).
|
|
|
99b432 |
+ The file contains the current system policy. It should contain a string of one of the
|
|
|
99b432 |
+ profiles listed in the *crypto-policies(7)* page (e.g., DEFAULT).
|
|
|
99b432 |
|
|
|
99b432 |
/etc/crypto-policies/back-ends::
|
|
|
99b432 |
- Contains the generated policies in separated files, and in a format readable by the supported back-ends.
|
|
|
99b432 |
+ Contains the generated policies in separated files, and in a format readable by the supported back ends.
|
|
|
99b432 |
|
|
|
99b432 |
/etc/crypto-policies/local.d::
|
|
|
99b432 |
Contains additional files to be appended to the generated policy
|
|
|
99b432 |
@@ -218,7 +208,7 @@ FILES
|
|
|
99b432 |
|
|
|
99b432 |
SEE ALSO
|
|
|
99b432 |
--------
|
|
|
99b432 |
-fips-mode-setup(8)
|
|
|
99b432 |
+crypto-policies(7), fips-mode-setup(8)
|
|
|
99b432 |
|
|
|
99b432 |
AUTHOR
|
|
|
99b432 |
------
|