/************************************************************************
* Brocade - Generic Template for Security Crypto Configuration
*
* Desc: 
*
* Default values for security crypto configurations for operation in 
* generic mode
*
*************************************************************************/

[Ver]  0.1

/*
* Group : SSH 
* Rules : Comma Seperated
* Example :  aes128-ctr,aes192-ctr -> Note, no space before and after comma.
* Valid options: Kex, Mac, Enc
*/
[SSH] 
Enc:aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc
Kex:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
Mac:hmac-md5,hmac-sha1,hmac-sha2-256,hmac-sha2-512


/*
* Group : AAA
* Rules : Textual openssl cipherlist (colan,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: RAD_Ciphers, LDAP_Ciphers
*/
[AAA]
RAD_Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM 
LDAP_Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
RAD_Protocol:Any
LDAP_Protocol:Any

/*
* Group : LOG
* Rules : Textual openssl cipherlist (colan,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: Ciphers
*/
[LOG]
Syslog_Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
Syslog_Protocol:Any

/*
* Group : HTTPS
* Rules : Textual openssl cipherlist (colan,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: Ciphers
*/
[HTTPS] 
Ciphers:!ECDH:!DH:HIGH:-MD5:!CAMELLIA:!SRP:!PSK:!AESGCM
Protocol:Any

/*
* Group : X509v3
* Rules : Textual X509v3 validation options
* Example: Validation:Strict
* Valid options: Ciphers
*/
[X509v3]
Validation:Basic
