[CentOS] Mix/match C8 crypto policies

Fri Oct 4 15:40:11 UTC 2019
Paul Heinlein <heinlein at madboa.com>

Is it possible to mix and match crypto policies using approved tools 
in CentOS 8?

Our environment requires a LEGACY setting for OpenSSL so we can 
maintain connections with our LDAP servers (which we cannot update at 
this time), but I'd like especially the OpenSSH settings to use the 
DEFAULT policy (and maybe even FUTURE on a test host or two).

I think it's possible to manually repoint the symbolic links in 
/etc/crypto-policies/back-ends to achieve that result, and I'll set up 
puppet rules if that's the only way to do so, but I'd prefer to use a 
more canonical approach if one exists.

Paul Heinlein
heinlein at madboa.com
45°38' N, 122°6' W