Initial Windows agent repository
This commit is contained in:
commit
a0db0c2e5b
10589 changed files with 3844063 additions and 0 deletions
10
OGP64/usr/share/crypto-policies/FIPS/bind.txt
Normal file
10
OGP64/usr/share/crypto-policies/FIPS/bind.txt
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
disable-algorithms "." {
|
||||
RSAMD5;
|
||||
RSASHA1;
|
||||
NSEC3RSASHA1;
|
||||
DSA;
|
||||
};
|
||||
disable-ds-digests "." {
|
||||
SHA-1;
|
||||
GOST;
|
||||
};
|
||||
1
OGP64/usr/share/crypto-policies/FIPS/gnutls.txt
Normal file
1
OGP64/usr/share/crypto-policies/FIPS/gnutls.txt
Normal file
|
|
@ -0,0 +1 @@
|
|||
SYSTEM=NONE:+MAC-ALL:-MD5:+GROUP-ALL:-GROUP-X25519:+SIGN-ALL:-SIGN-RSA-MD5:-SIGN-RSA-SHA1:-SIGN-DSA-SHA1:-SIGN-ECDSA-SHA1:-SIGN-DSA-SHA224:-SIGN-DSA-SHA256:-SIGN-DSA-SHA384:-SIGN-DSA-SHA512:-SIGN-EDDSA-ED25519:%VERIFY_ALLOW_SIGN_WITH_SHA1:+CIPHER-ALL:-CHACHA20-POLY1305:-CAMELLIA-256-GCM:-CAMELLIA-128-GCM:-CAMELLIA-256-CBC:-CAMELLIA-128-CBC:-3DES-CBC:-ARCFOUR-128:+ECDHE-RSA:+ECDHE-ECDSA:+DHE-RSA:+VERS-ALL:-VERS-DTLS0.9:-VERS-SSL3.0:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.3:-VERS-DTLS1.0:+COMP-NULL:%PROFILE_MEDIUM
|
||||
4
OGP64/usr/share/crypto-policies/FIPS/java.txt
Normal file
4
OGP64/usr/share/crypto-policies/FIPS/java.txt
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
jdk.tls.ephemeralDHKeySize=2048
|
||||
jdk.certpath.disabledAlgorithms=MD2, SHA1, MD5, DSA, RSA keySize < 2048
|
||||
jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv2, SSLv3, TLSv1, TLSv1.1, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, DHE_DSS, RSA_EXPORT, DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_DSS_EXPORT, DH_RSA_EXPORT, DH_anon, ECDH_anon, DH_RSA, DH_DSS, ECDH, 3DES_EDE_CBC, DES_CBC, RC4_40, RC4_128, DES40_CBC, RC2, HmacMD5
|
||||
jdk.tls.legacyAlgorithms=
|
||||
2
OGP64/usr/share/crypto-policies/FIPS/krb5.txt
Normal file
2
OGP64/usr/share/crypto-policies/FIPS/krb5.txt
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
[libdefaults]
|
||||
permitted_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128
|
||||
5
OGP64/usr/share/crypto-policies/FIPS/libreswan.txt
Normal file
5
OGP64/usr/share/crypto-policies/FIPS/libreswan.txt
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
conn %default
|
||||
ikev2=insist
|
||||
pfs=yes
|
||||
ike=aes_gcm256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes256-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes_gcm128-sha2_512+sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18,aes128-sha2_256-dh19+dh20+dh21+dh14+dh15+dh16+dh18
|
||||
esp=aes_gcm256,aes256-sha2_512+sha1+sha2_256,aes_gcm128,aes128-sha1+sha2_256
|
||||
6
OGP64/usr/share/crypto-policies/FIPS/nss.txt
Normal file
6
OGP64/usr/share/crypto-policies/FIPS/nss.txt
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
library=
|
||||
name=Policy
|
||||
NSS=flags=policyOnly,moduleDB
|
||||
config="disallow=ALL allow=HMAC-SHA256:HMAC-SHA1:HMAC-SHA384:HMAC-SHA512:SECP256R1:SECP384R1:SECP521R1:aes256-gcm:aes256-cbc:aes128-gcm:aes128-cbc:SHA256:SHA384:SHA512:ECDHE-RSA:ECDHE-ECDSA:DHE-RSA:tls-version-min=tls1.2:dtls-version-min=dtls1.2:DH-MIN=2048:DSA-MIN=2048:RSA-MIN=2048"
|
||||
|
||||
|
||||
5
OGP64/usr/share/crypto-policies/FIPS/openssh.txt
Normal file
5
OGP64/usr/share/crypto-policies/FIPS/openssh.txt
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
Ciphers aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc
|
||||
MACs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512
|
||||
GSSAPIKeyExchange no
|
||||
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
|
||||
PubkeyAcceptedKeyTypes rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com
|
||||
1
OGP64/usr/share/crypto-policies/FIPS/opensshserver.txt
Normal file
1
OGP64/usr/share/crypto-policies/FIPS/opensshserver.txt
Normal file
|
|
@ -0,0 +1 @@
|
|||
CRYPTO_POLICY='-oCiphers=aes256-gcm@openssh.com,aes256-ctr,aes256-cbc,aes128-gcm@openssh.com,aes128-ctr,aes128-cbc -oMACs=hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha2-512 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512 -oHostKeyAlgorithms=rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com -oPubkeyAcceptedKeyTypes=rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com'
|
||||
1
OGP64/usr/share/crypto-policies/FIPS/openssl.txt
Normal file
1
OGP64/usr/share/crypto-policies/FIPS/openssl.txt
Normal file
|
|
@ -0,0 +1 @@
|
|||
@SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
|
||||
3
OGP64/usr/share/crypto-policies/FIPS/opensslcnf.txt
Normal file
3
OGP64/usr/share/crypto-policies/FIPS/opensslcnf.txt
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
CipherString = @SECLEVEL=2:kEECDH:kEDH:kPSK:kDHEPSK:kECDHEPSK:-kRSA:-aDSS:-CHACHA20-POLY1305:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8
|
||||
Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256
|
||||
MinProtocol = TLSv1.2
|
||||
Loading…
Add table
Add a link
Reference in a new issue