File manager - Edit - /home/palg2351/public_html/klanaobsesiindonesia.com/wp-includes/Text/Diff/Engine/policies.zip
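# Text members of the policies.zip archive, restored to one setting per line.
# The zip container bytes between members are replaced by "=====" banners
# carrying the member name; each banner starts a separate file, so keys that
# repeat under different banners are not duplicates of one another.
# The layout looks like crypto-policies policy (.pol) and subpolicy (.pmod)
# definitions: '#' starts a comment, a trailing '\' continues a value on the
# next line, and 'key@Scope' limits a setting to one back end.
# In the collapsed dump every setting that followed a '#' on the same physical
# line read as comment text; the line breaks below restore the settings.

# ===== DEFAULT.pol =====

# A reasonable default for today's standards.
# It should provide 112-bit security.
# SHA1 is allowed in HMAC where collision resistance does not matter.

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-224 hash or better (no DSA)
# Ciphers: >= 128-bit key, >= 128-bit block (AES, ChaCha20)
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA1

group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \
    SHAKE-256
hash@RPM = SHA1+

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
    ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 \
    AES-256-CTR AES-256-CBC \
    AES-128-GCM AES-128-CCM \
    AES-128-CTR AES-128-CBC
cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC
cipher@RPM = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX \
    AES-128-CFB AES-128-GCM AES-128-OCB AES-128-EAX
# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048  # DSA is disabled
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

# ===== EMPTY.pol =====

# Just an empty policy for testing

mac =
group =
hash =
sign =
cipher =
key_exchange =
#protocol =

# Parameter sizes
min_dh_size = 0
min_dsa_size = 0
min_rsa_size = 0

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 0
ssh_certs = 0
etm@SSH = DISABLE_ETM

# ===== FUTURE.pol =====

# A level that will provide security on a conservative level that is
# believed to withstand any near-term future attacks. And also provide
# some (not complete) preparation for post quantum encryption support
# in form of 256 bit symmetric encryption requirement.
# It provides at least 128-bit security. This level may prevent
# communication with many used systems that provide weaker security levels
# (e.g., systems that use SHA-1 as signature algorithm).

# MACs: all HMAC with SHA256 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-256 hash or better (no DSA)
# TLS Ciphers: >= 256-bit key, >= 128-bit block, only Authenticated Encryption (AE) ciphers, no CBC ciphers
# non-TLS Ciphers: same as TLS Ciphers with added non AE ciphers, CBC only for Kerberos
# key exchange: ECDHE, DHE (no DHE-DSS)
# DH params size: >= 3072
# RSA params size: >= 3072
# TLS protocols: TLS >= 1.2, DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512

group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHAKE-256
hash@RPM = SHA1+

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512

cipher = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 \
    AES-256-CTR
cipher@Kerberos = AES-256-CBC+
cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305
cipher@RPM = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX
# CBC ciphers in SSH are considered vulnerable to plaintext recovery attacks
# and disabled in client OpenSSH 7.6 (2017) and server OpenSSH 6.7 (2014).
cipher@SSH = -*-CBC

key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 3072
min_dsa_size = 3072  # DSA is disabled
min_rsa_size = 3072

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@ssh = ANY

# ===== FIPS.pol =====

# Only FIPS approved or allowed algorithms. It does not provide FIPS compliance
# by itself, the FIPS validated crypto modules must be properly installed
# and the machine must be booted into the FIPS mode.

# MACs: SHA-256 or better
# Curves: all prime >= 256 bits
# Signature algorithms: with SHA-224 hash or better (no DSA)
# TLS Ciphers: >= 128-bit key, >= 128-bit block (AES, excluding AES-CBC)
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# TLS protocols: TLS >= 1.2, DTLS >= 1.2
# NOTE(review): the summary above names RSA key exchange, but key_exchange
# below does not list RSA; the summary line looks stale - confirm.

mac = AEAD HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD HMAC-SHA2-512

group = SECP256R1 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192

hash = SHA2-256 SHA2-384 SHA2-512 SHA2-224 SHA3-256 SHA3-384 SHA3-512 SHAKE-256
hash@RPM = SHA1+

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224
sign@RPM = MLDSA65-ED25519+ MLDSA87-ED448+  # Standardized in OpenPGP

cipher = AES-256-GCM AES-256-CCM AES-256-CTR \
    AES-128-GCM AES-128-CCM AES-128-CTR
cipher@TLS = AES-256-GCM AES-256-CCM \
    AES-128-GCM AES-128-CCM
cipher@RPM = AES-256-GCM AES-256-CFB AES-128-GCM AES-128-CFB
# Kerberos is an exception,
# we allow CBC CTS ciphers as there are no other options
cipher@Kerberos = AES-256-CBC AES-128-CBC

key_exchange = ECDHE DHE DHE-RSA PSK DHE-PSK ECDHE-PSK

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048  # DSA is disabled
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 0

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

__ems = ENFORCE

# ===== modules/NO-ENFORCE-EMS.pmod =====

# As per FIPS 140-3 IG Annex D.Q, EMS is mandatory in TLS 1.2 since 2023-05-16.
# This subpolicy disables this mandatory EMS enforcement of the FIPS policy.
# Doing so violates FIPS requirements, do not use in FIPS-compliant setups.

__ems = RELAX

# ===== modules/AD-SUPPORT-LEGACY.pmod =====

# AD-SUPPORT-LEGACY subpolicy is intended to be used in Active Directory
# environments where either accounts or trusted domain objects were not yet
# migrated to AES or future encryption types.
# This subpolicy enables all AES and RC4 Kerberos encryption types
# to maximize Active Directory interoperability at the expense of security.

cipher@kerberos = AES-256-CBC+ AES-128-CBC+ RC4-128+
mac@kerberos = HMAC-SHA2-384+ HMAC-SHA2-256+ HMAC-SHA1+
hash@kerberos = MD5+

# ===== modules/AD-SUPPORT.pmod =====

# AD-SUPPORT subpolicy is intended to be used in Active Directory environments.
# This subpolicy is provided for enabling aes256-cts-hmac-sha1-96,
# the strongest Kerberos encryption type interoperable with Active Directory.

cipher@kerberos = AES-256-CBC+
mac@kerberos = HMAC-SHA1+

# ===== modules/PQ.pmod =====

# A subpolicy enabling some of the
# post-quantum and hybrid algorithms
# currently available in RHEL-9.
# Note that not all the backends support all the algorithms.

group = +MLKEM1024-X448
group = +P384-MLKEM1024
group = +P256-MLKEM768
group = +MLKEM768-X25519

sign = +MLDSA87-ED448
sign = +MLDSA65-ED25519
sign = +MLDSA87
sign = +MLDSA65
sign = +MLDSA44

key_exchange = +KEM-ECDH

# ===== modules/SHA1.pmod =====

# This subpolicy adds SHA1 hash and signature support

hash = SHA1+
sign = ECDSA-SHA1+ RSA-PSS-SHA1+ RSA-SHA1+
sha1_in_certs = 1

# ===== modules/NO-SHA1.pmod =====

# This is an example subpolicy dropping the SHA1 hash and signature support

hash = -SHA1
sign = -*-SHA1
sha1_in_certs = 0

# ===== modules/OSPP.pmod =====

# Restrict FIPS policy for the Common Criteria OSPP profile.

# SSH (upper limit)
# Ciphers: aes256-ctr, aes256-cbc, aes256-gcm@openssh.com
# PubkeyAcceptedKeyTypes: rsa-sha2-256, rsa-sha2-512
# MACs: hmac-sha2-256, hmac-sha2-512, implicit for aes256-gcm@openssh.com
# KexAlgorithms: ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group16-sha512, diffie-hellman-group18-sha512

# TLS ciphers (suggested minimal set for openssl)
# * TLS_RSA_WITH_AES_128_CBC_SHA - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_256_CBC_SHA - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_128_CBC_SHA256 - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_256_CBC_SHA256 - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_128_GCM_SHA256 - excluded by FIPS, uses RSA key exchange
# * TLS_RSA_WITH_AES_256_GCM_SHA384 - excluded by FIPS, uses RSA key exchange
# * TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - excluded by FIPS (CBC)
# * TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - excluded by FIPS (CBC)
# * TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128
# * TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
# * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128
# * TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128
# * TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself
# * TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
# * TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - disabled, AES 128 + CBC
# * TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - disabled, AES 128
# * TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - disabled in openssl itself
# * TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
# Supported Groups Extension in ClientHello: secp256r1, secp384r1, secp521r1

mac = -HMAC-SHA1  # see above, both SSH and TLS ended up not using it

group = -SECP256R1 -FFDHE-2048

hash = -SHA2-224 -SHA3-*

sign = -*-SHA2-224 -ECDSA-SHA2-256

cipher = -AES-*-CCM -AES-128-*
cipher@!{ssh,tls} = -AES-*-CTR

ssh_certs = 0
etm@ssh = DISABLE_ETM

protocol@TLS = -TLS1.3

min_dh_size = 3072
min_rsa_size = 3072

arbitrary_dh_groups = 0

# ===== modules/ECDHE-ONLY.pmod =====

# This is an example of a subpolicy
# enforcing ECDHE and ECDHE with PSK key exchanges

key_exchange = ECDHE ECDHE-PSK
group = -FFDHE-*

# ===== LEGACY.pol =====

# Provides settings for ensuring maximum compatibility with legacy systems.
# This policy is less secure and intended to be an easy way to switch system
# to be compatible with older systems.
# It should provide at least 80-bit security and excludes 3DES and RC4.

# MACs: all HMAC with SHA1 or better + all modern MACs (Poly1305 etc)
# Curves: all prime >= 255 bits (including Bernstein curves)
# Signature algorithms: with SHA-1 hash or better (no DSA)
# Ciphers: all available > 112-bit key, >= 128-bit block
# (excluding 3DES and RC4)
# key exchange: ECDHE, RSA, DHE (no DHE-DSS)
# DH params size: >= 2048
# RSA params size: >= 2048
# DSA params size: DSA is not allowed
# TLS protocols: TLS >= 1.2 DTLS >= 1.2

mac = AEAD HMAC-SHA2-256 HMAC-SHA1 UMAC-128 HMAC-SHA2-384 HMAC-SHA2-512
mac@Kerberos = HMAC-SHA2-384 HMAC-SHA2-256 AEAD UMAC-128 HMAC-SHA2-512 HMAC-SHA1

# NOTE(review): FFDHE-1536 is listed here although the summary above says
# DH params >= 2048 and min_dh_size below is 2048 - confirm whether the
# 1536-bit group is meant to be usable under this policy.
group = X25519 SECP256R1 X448 SECP521R1 SECP384R1 \
    FFDHE-2048 FFDHE-3072 FFDHE-4096 FFDHE-6144 FFDHE-8192 FFDHE-1536

hash = SHA2-256 SHA2-384 SHA2-512 SHA3-256 SHA3-384 SHA3-512 SHA2-224 SHA3-224 \
    SHAKE-256 SHAKE-128 SHA1

sign = ECDSA-SHA3-256 ECDSA-SHA2-256 ECDSA-SHA2-256-FIDO \
    ECDSA-SHA3-384 ECDSA-SHA2-384 \
    ECDSA-SHA3-512 ECDSA-SHA2-512 \
    EDDSA-ED25519 EDDSA-ED25519-FIDO EDDSA-ED448 \
    RSA-PSS-SHA3-256 RSA-PSS-SHA2-256 \
    RSA-PSS-SHA3-384 RSA-PSS-SHA2-384 \
    RSA-PSS-SHA3-512 RSA-PSS-SHA2-512 \
    RSA-PSS-RSAE-SHA3-256 RSA-PSS-RSAE-SHA2-256 \
    RSA-PSS-RSAE-SHA3-384 RSA-PSS-RSAE-SHA2-384 \
    RSA-PSS-RSAE-SHA3-512 RSA-PSS-RSAE-SHA2-512 \
    RSA-SHA3-256 RSA-SHA2-256 \
    RSA-SHA3-384 RSA-SHA2-384 \
    RSA-SHA3-512 RSA-SHA2-512 \
    ECDSA-SHA2-224 RSA-PSS-SHA2-224 RSA-SHA2-224 \
    ECDSA-SHA3-224 RSA-PSS-SHA3-224 RSA-SHA3-224 \
    ECDSA-SHA1 RSA-PSS-SHA1 RSA-SHA1

cipher = AES-256-GCM AES-256-CCM \
    CHACHA20-POLY1305 \
    AES-256-CTR AES-256-CBC \
    AES-128-GCM AES-128-CCM \
    AES-128-CTR AES-128-CBC
cipher@TLS = AES-256-GCM AES-256-CCM CHACHA20-POLY1305 AES-256-CBC \
    AES-128-GCM AES-128-CCM AES-128-CBC
# Unlike DEFAULT.pol and FUTURE.pol, which set cipher@SSH = -*-CBC, this
# list keeps the CBC ciphers for SSH.
cipher@SSH = AES-256-GCM CHACHA20-POLY1305 AES-256-CTR AES-256-CBC \
    AES-128-GCM AES-128-CTR AES-128-CBC
cipher@RPM = AES-256-CFB AES-256-GCM AES-256-OCB AES-256-EAX \
    AES-128-CFB AES-128-GCM AES-128-OCB AES-128-EAX

# 'RSA' is intentionally before DHE ciphersuites, as the DHE ciphersuites have
# interoperability issues in TLS.
key_exchange = ECDHE RSA DHE DHE-RSA PSK DHE-PSK ECDHE-PSK RSA-PSK ECDHE-GSS DHE-GSS

protocol@TLS = TLS1.3 TLS1.2 DTLS1.2
protocol@IKE = IKEv2

# Parameter sizes
min_dh_size = 2048
min_dsa_size = 2048  # DSA is disabled
min_rsa_size = 2048

# GnuTLS only for now
sha1_in_certs = 1

arbitrary_dh_groups = 1
ssh_certs = 1
etm@SSH = ANY

# ===== end of member text =====
# The dump continues with the archive's binary central directory, which only
# repeats member names listed above and is cut off in this view.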