HEX
Server: LiteSpeed
System: Linux kapuas.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: mirz4654 (1666)
PHP: 8.1.33
Disabled: system,exec,escapeshellarg,escapeshellcmd,passthru,proc_close,proc_get_status,proc_nice,proc_open,proc_terminate,shell_exec,popen,pclose,dl,pfsockopen,leak,apache_child_terminate,posix_kill,posix_mkfifo,posix_setsid,posix_setuid,posix_setpgid,ini_alter,show_source,define_syslog_variables,symlink,syslog,openlog,openlog,closelog,ocinumcols,listen,chgrp,apache_note,apache_setenv,debugger_on,debugger_off,ftp_exec,dll,ftp,myshellexec,socket_bind,mail,posix_getwpuid
$ pwd: /usr/share/crypto-policies/policies/
Upload Files
File: //usr/share/crypto-policies/policies/FIPS.pol
# Only FIPS approved or allowed algorithms. It does not provide FIPS compliance
# by itself, the FIPS validated crypto modules must be properly installed
# and the machine must be booted into the FIPS mode.

# MACs: SHA-256 or better
# Curves: all prime >= 256 bits
# Signature algorithms: with SHA-224 hash or better (no DSA)
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, excluding AES-CBC)
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD HMAC-SHA2-512

group = SECP256R1 SECP521R1 SECP384R1 \
        FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 \
       ECDSA-SHA3-384 ECDSA-SHA2-384 \
       ECDSA-SHA3-512 ECDSA-SHA2-512 \
       RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
       RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
       RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
       RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
       RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
       RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
       RSA-SHA3-256 RSA-SHA2-256 \
       RSA-SHA3-384 RSA-SHA2-384 \
       RSA-SHA3-512 RSA-SHA2-512 \
       ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224

cipher = AES-256-GCM AES-256-CCM AES-256-CTR \
         AES-128-GCM AES-128-CCM AES-128-CTR

cipher@TLS = AES-256-GCM AES-256-CCM \
             AES-128-GCM AES-128-CCM

# Kerberos is an exception,
# we allow CBC CTS ciphers as there are no other options
cipher@Kerberos = AES-256-CBC AES-128-CBC

key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048  # DSA is disabled
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

__ems = ENFORCE
@ Telegram