Policy "Hardened Amazon Linux 2023 (version 2)" is failing on the latest AL 2023 with the FUTURE crypto policy.

Open Houlistonm opened this issue 4 months ago • 4 comments

The problem is we made the boxes more secure by running /usr/bin/update-crypto-policies --set FUTURE, which dropped some ciphers, group exchange, key exchange, and MACs and added others.

Maybe a new policy for DEFAULT crypto policy and another for FUTURE?

Love the tool, working out well as we harden our OS.

Houlistonm, Aug 19 '25 17:08
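
To see exactly which algorithms a crypto-policy switch dropped and added, the effective server configuration printed by `sshd -T` can be captured before and after the change and diffed. This is an added example, not part of the original issue or of the ssh-audit project; the two dumps are constructed samples, and `parse_sshd_t` and `diff_algorithms` are hypothetical helper names.

```python
"""Diff the SSH algorithm lists of two `sshd -T` dumps (added example)."""

# Algorithm keywords as printed by `sshd -T` (effective server configuration).
FIELDS = ("ciphers", "macs", "kexalgorithms", "hostkeyalgorithms")

# Constructed samples, NOT real Amazon Linux 2023 output: the algorithm names
# exist in OpenSSH, but which ones each crypto policy enables is made up here.
BEFORE = """\
port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes128-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1
kexalgorithms curve25519-sha256,ecdh-sha2-nistp256,diffie-hellman-group14-sha256
"""
AFTER = """\
port 22
ciphers aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr
macs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
kexalgorithms curve25519-sha256,diffie-hellman-group16-sha512
"""


def parse_sshd_t(text):
    """Return {keyword: [algorithms]} for the algorithm keywords in a dump."""
    out = {}
    for line in text.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword.lower() in FIELDS and value:
            out[keyword.lower()] = [a for a in value.strip().split(",") if a]
    return out


def diff_algorithms(before, after):
    """Per keyword, list what the second dump dropped and what it added."""
    old, new = parse_sshd_t(before), parse_sshd_t(after)
    report = {}
    for field in FIELDS:
        a, b = old.get(field, []), new.get(field, [])
        dropped = [x for x in a if x not in b]
        added = [x for x in b if x not in a]
        if dropped or added:
            report[field] = {"dropped": dropped, "added": added}
    return report


if __name__ == "__main__":
    for field, change in diff_algorithms(BEFORE, AFTER).items():
        print(f"{field}: dropped={change['dropped']} added={change['added']}")
```

On a real host, replace the two constants with the saved output of `sshd -T` taken before and after the policy change.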

Just out of curiosity, where did that update-crypto-policies command come from, @Houlistonm ?

perkelix, Sep 06 '25 12:09

Appears to be upstream from Amazon ...

link to redhat docs

Houlistonm, Sep 11 '25 11:09

You mean these?

That apparently was ported to other distros as well, but is not actively maintained outside of RHEL.

perkelix, Sep 11 '25 11:09

Looks right (from memory). I'm on holiday this week, so I can't compare to one of our VMs.

Houlistonm, Sep 11 '25 11:09