Revision control
Copy as Markdown
Other Tools
# There is no corresponding type for this text policy but it is useful
# for interop testing and fuzz testing
# It is based on the default policy, but allows 3DES, SHA-1 signatures,
# static RSA, reduces the ephemeral key sizes, and removes some
# non-standard ciphersuites
allow_tls10 = true
allow_tls11 = true
allow_tls12 = true
allow_tls13 = false
allow_dtls10 = false
allow_dtls12 = false
ciphers = AES-256/GCM AES-128/GCM ChaCha20Poly1305 AES-256 AES-128 3DES
macs = AEAD SHA-256 SHA-384 SHA-1
signature_hashes = SHA-512 SHA-384 SHA-256 SHA-1
signature_methods = ECDSA RSA IMPLICIT
key_exchange_methods = ECDH DH RSA
key_exchange_groups = x25519 x448 secp256r1 secp521r1 secp384r1 brainpool256r1 brainpool384r1 brainpool512r1 ffdhe/ietf/2048 ffdhe/ietf/3072 ffdhe/ietf/4096 ffdhe/ietf/6144 ffdhe/ietf/8192
allow_insecure_renegotiation = false
include_time_in_hello_random = true
allow_client_initiated_renegotiation = true
allow_server_initiated_renegotiation = false
hide_unknown_users = false
server_uses_own_ciphersuite_preferences = true
negotiate_encrypt_then_mac = true
session_ticket_lifetime = 86400
minimum_dh_group_size = 1024
minimum_ecdh_group_size = 255
minimum_rsa_bits = 1024
minimum_signature_strength = 80