Hacked By AnonymousFox

Current Path : /usr/share/crypto-policies/policies/
Upload File :
Current File : //usr/share/crypto-policies/policies/FUTURE.pol

# A level that will provide security on a conservative level that is
# believed to withstand any near-term future attacks. And also provide
# some (not complete) preparation for post quantum encryption support
# in form of 256 bit symmetric encryption requirement.
# It provides at least an 128-bit security. This level may prevent
# communication with many used systems that provide weaker security levels
# (e.g., systems that use SHA-1 as signature algorithm).

# MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers, no CBC ciphers
# non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers, CBC only for Kerberos
# key exchange: ECDHE, DHE (no DHE-DSS)
# DH params size: >= 3072
# RSA params size: >= 3072
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512

group = X25519 X448 SECP256R1 SECP384R1 SECP521R1 \
    FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 \
       ECDSA-SHA3-384 ECDSA-SHA2-384 \
       ECDSA-SHA3-512 ECDSA-SHA2-512 \
       EDDSA-ED25519 EDDSA-ED448 \
       RSA-PSS-SHA2-256 RSA-PSS-SHA2-384 RSA-PSS-SHA2-512 \
       RSA-SHA3-256 RSA-SHA2-256 \
       RSA-SHA3-384 RSA-SHA2-384 \
       RSA-SHA3-512 RSA-SHA2-512

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 CAMELLIA-256-GCM \
         AES-256-CTR
cipher@Kerberos = AES-256-CBC+ CAMELLIA-256-CBC+

cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305

key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 3072
min_dsa_size = 3072
min_rsa_size = 3072

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
ssh_etm = 1

Hacked By AnonymousFox1.0, Coded By AnonymousFox