Change System-Wide Crypto Policy

As of Oracle Linux 8 and later, a default system-wide Crypto Policy no longer permits host systems to communicate with older, insecure protocols. For system configurations that require a different level of protection, Cockpit administrators can change the assigned Crypto Policy level (Default, Legacy, Future, FIPs) by using the web console.

What Do You Need?

• The Cockpit web console must be installed and accessible.

  For details, see these topics: Install and Enable Cockpit and Log in to the Cockpit Web Console.

• Administrator privileges.

Steps

WARNING:

Changing the Crypto Policy on the host requires restarting the system.

Using the Cockpit web console, follow these steps to change the Crypto Policy configuration on the host system.

1. In the Cockpit navigation pane, click Overview.
2. In the Overview page, navigate to the Configuration panel, find the Crypto policy property, and then click Default (or the policy name that appears).

   The Change Crypto Policy dialog appears with a brief description of each policy level.

3. In the Change Crypto Policy dialog, select a policy level that best meets the requirements of the managed system, and then click Apply and Reboot.