[CentOS] Centos 8 crypto-policy to get SSL Labs A rating

Mon Jul 5 15:49:21 UTC 2021
Paul Heinlein <heinlein at madboa.com>

On Mon, 5 Jul 2021, Adrian Jenzer wrote:

> Hi Paul
> Thanks, but how do you "skip the crypto-policy for Apache"?
> It seems like crypto-policies configuration is overwriting my values in httpd-configuration.
> How I enforce the values in httpd.conf ?

I haven't taken the time necessary to figure out where exactly the 
'PROFILE=SYSTEM' string gets parsed and replaced, so I can't answer 
your specific question.

In my case, I don't use any Include or IncludeOptional statements in 
the main httpd.conf; it's all there in one file. Obviously, my 
solution won't work for everyone.

Paul Heinlein
heinlein at madboa.com
45.38° N, 122.59° W