[CentOS] easy way to stop old ssl's

Sat Oct 12 10:06:12 UTC 2019
Markus Falb <markus.falb at fasel.at>

On 11.10.19 22:40, Warren Young wrote:
> On Oct 11, 2019, at 12:12 PM, Jerry Geis <jerry.geis at gmail.com> wrote:
>>
>> is there a script that is available that can be ran to bring
>> a box up to current "accepted" levels ?
> 
> I don’t know why you’d use a script for this at all.  Just ship a new HTTPS configuration to each server.  Apache loads all *.conf files in its configuration directory, so you might be able to just add another file to the existing config set.  If not, then replace the existing config file instead.

Instead of configuring every application separataly it would be nice if
"accepted levels of security" could be set system wide.

With 8 it seems there is such a thing

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening

Although I believe that FIPS mode is also available in 7

I did not used neither system wide cryptographic policies nor FIPS mode
so my post is more the theoretical one, but I thought it is on topic.

-- 
Kind Regards, Markus Falb