Change System-Wide Cryptographic Policy

As of Oracle Linux 8 and later, a default system-wide cryptographic policy no longer permits host systems to communicate with older, insecure protocols. For system configurations that require a different level of protection, Cockpit administrators can change the assigned cryptographic policy level (Default, Legacy, Future, FIPS) by using the web console.

What Do You Need?

• The Cockpit web console must be installed and accessible.

  For details, see these topics: Install and Enable Cockpit and Log in to the Cockpit Web Console.

• Administrator privileges.

Steps

WARNING:

Changing the cryptographic policy on the host requires restarting the system.

Using the Cockpit web console, follow these steps to change the cryptographic policy configuration on the host system.

1. In the Cockpit navigation pane, click Overview.
2. In the Overview page, navigate to the Configuration panel, find the Cryptographic policy property, and then click Default (or the policy name that appears).
   The Change cryptographic policy dialog box appears with a brief description of each policy level.
3. In the Change cryptographic policy dialog box, select a policy level that best meets the requirements of the managed system, and then click Apply and reboot.