Configure Crypto Policy to Disable CBC and sha1 hash

1. Run the following command to check the crypto policy which is currently in use in the Rocky Linux 8/RHEL 8 VM. If it's set to DEFAULT (By default, it's set to DEFAULT) or any other policy, copy it to the following location: /etc/crypto-policies/policies/modules/. Then follow the below steps to remove the CBC ciphers:

   update-crypto-policies --show
   
   sudo cp /usr/share/crypto-policies/policies/DEFAULT.pol /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod
   
   sudo sed --in-place 's/CAMELLIA-256-CBC//' /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod
   
   sudo sed --in-place 's/AES-256-CBC//' /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod
   
   sudo sed --in-place 's/CAMELLIA-128-CBC//' /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod
   
   sudo sed --in-place 's/AES-128-CBC//' /etc/crypto-policies/policies/modules/DISABLE-CBC.pmod
   

2. To disable sha1, follow the below steps:

   1. Run the below command:
      sudo cp /usr/share/crypto-policies/policies/modules/NO-SHA1.pmod /etc/crypto-policies/policies/modules/NO-SHA1.pmod

   2. Set the DISABLE-CBC and NO-SHA1 policies and run the following command to restart the VM.

      sudo update-crypto-policies --set DEFAULT:DISABLE-CBC:NO-SHA1
      
      sudo init 6
      

   3. After the VM is restarted, run the following command to check the updated cryptographic policies. sudo update-crypto-policies --show