/************************************************************************
* Brocade - Template for High Security Crypto Configuration
*
* Desc: 
*
* Default values for security crypto configurations for high security
*
*************************************************************************/

[Ver]  0.2

/*
* Group : SSH 
* Rules : Comma Separated
* Example :  aes128-ctr,aes192-ctr -> Note, no space before and after comma.
* Valid options: Kex, Mac, Enc
*/
[SSH] 
Enc:aes128-ctr,aes192-ctr,aes256-ctr
Kex:ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,curve25519-sha256
Mac:hmac-sha2-256,hmac-sha2-512


/*
* Group : AAA
* Rules : Textual openssl cipherlist (colon,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: RAD_Ciphers, LDAP_Ciphers
*/
[AAA]
RAD_Ciphers:ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4:!AEAD:!SHA1:!AESGCM
LDAP_Ciphers:ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4:!AEAD:!SHA1:!AESGCM
RAD_Protocol:TLSv1.2
LDAP_Protocol:TLSv1.2

/*
* Group : LOG
* Rules : Textual openssl cipherlist (colon,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: Ciphers
*/
[LOG]
Syslog_Ciphers:ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4:!AEAD:!SHA1:!AESGCM
Syslog_Protocol:TLSv1.2

/*
* Group : HTTPS
* Rules : Textual openssl cipherlist (colon,comma and space separated)
* Example: ALL:-MD5:!PSK
* Valid options: Ciphers
*/
[HTTPS] 
Ciphers:ECDSA:ECDH:RSA:AES:3DES:!RSAPSK:!DHEPSK:!PSK:!DSS:!AESCCM8:!AESCCM:!ARIAGCM:!CAMELLIA:!CHACHA20:!SEED:!RC4:!AEAD:!SHA1:!AESGCM
Protocol:TLSv1.3
Ciphers_tlsv1.3:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256

/*
* Group : X509v3
* Rules : Textual X509v3 validation options
* Example: Validation:Strict
* Valid options: Ciphers
*/
[X509v3]
Validation:Basic
