Is it possible to mix and match crypto policies using approved tools in CentOS 8? Our environment requires a LEGACY setting for OpenSSL so we can maintain connections with our LDAP servers (which we cannot update at this time), but I'd like especially the OpenSSH settings to use the DEFAULT policy (and maybe even FUTURE on a test host or two). I think it's possible to manually repoint the symbolic links in /etc/crypto-policies/back-ends to achieve that result, and I'll set up puppet rules if that's the only way to do so, but I'd prefer to use a more canonical approach if one exists. -- Paul Heinlein heinlein at madboa.com 45°38' N, 122°6' W