# A level with no ciphers enabled.

# MACs: None
# Curves: None
# Signature algorithms: None
# Ciphers: None
# Key exchange: None
# DH params size:
# RSA params size:
# Protocols: None

CONFIG_GNUTLS="SYSTEM=NONE"

CONFIG_GNUTLS28="SYSTEM=NONE"

# We cannot limit the TLS version number in openssl, thus we cannot disable
# SSL 3.0, nor specify minimum sizes for DH or RSA parameters.
CONFIG_OPENSSL=\
"-ALL"

# Configuration for Bind
CONFIG_BIND=\
"disable-algorithms \".\"  {\n"\
"RSAMD5;\n"\
"RSA;\n"\
"DH;\n"\
"DSA;\n"\
"RSASHA256;\n"\
"RSASHA512;\n"\
"NSEC3DSA;\n"\
"NSECRSASHA1;\n"\
"RSASHA1;\n"\
"ECCGOST\n"\
"ECDSAP256SHA256\n"\
"ECDSAP384SHA384\n"\
"};\n"\
"disable-ds-digests \".\"  {\n"\
"SHA1;\n"\
"SHA-256;\n"\
"GOST;\n"\
"SHA-384;\n"\
"};\n"

# Configuration for Java
CONFIG_JAVA="$(cat <<EOF
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1, DSA, RSA, ECDSA
jdk.tls.disabledAlgorithms=SSLv2, SSLv3, TLSv1, TLSv1.1, TLSv1.2, DH, \
 HmacMD5, HmacSHA1, K_NULL, C_NULL, M_NULL, \
 RSA, DH_DSA, DH_RSA, EC_EC, EC_RSA, EC,
 DHE_DSS_EXPORT, DHE_RSA_EXPORT, DH_anon_EXPORT, DH_DSS_EXPORT, \
 DH_RSA_EXPORT, RSA_EXPORT, DH_anon, ECDH_anon, RC4_128, RC4_40, DES_CBC, \
 DES40_CBC, RC2, 3DES_EDE_CBC
jdk.tls.legacyAlgorithms=
EOF
)"

# Configuration for libkrb5
CONFIG_KRB5="$(cat <<EOF
# This file is automatically generated by update-crypto-policies.
permitted_enctypes = 
EOF
)"
