The "crypto-policies" utility from Redhat and CentOS is also available in Ubuntu. It is supposed to help with the management of configuration of the core cryptographic subsystems like TLS, IKE, IPSec, DNSSec, and Kerberos. I was able to follow the documentation in the man pages and make it work in Redhat/CentOS 8 but not in Ubuntu 20.04. Is there a special way to configure this utility for Ubuntu?
For instance one difference that I observed was the in Redhat/CentOS, the apache's ssl.conf file has the following entry:
SSLCipherSuite PROFILE=SYSTEM
This is different in Ubuntu's apache ssl.conf file. There it is:
SSLCipherSuite HIGH:!aNULL
I tried setting this parameter's value to PROFILE=SYSTEM, but then apache doesn't restart and gives the following error:
[Mon Aug 17 16:26:12.015608 2020] [ssl:emerg] [pid 3369:tid 140004399066176] AH01898: Unable to configure permitted SSL ciphers
[Mon Aug 17 16:26:12.015654 2020] [ssl:emerg] [pid 3369:tid 140004399066176] SSL Library Error: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match
[Mon Aug 17 16:26:12.015660 2020] [ssl:emerg] [pid 3369:tid 140004399066176] AH02311: Fatal error initialising mod_ssl, exiting.
I am probably missing some small configuration step. Any pointers will be highly appreciated :)