"Crypto Policy Definition Format" missing

Hi,

In order to improve the security on a RHEL 8.2 installation, I'm looking at some way to adjust the DEFAULT cryptographic policy.

According to the RHEL 8 Security Hardening guide (1) it is possible to create a module to customize that policy. Unfortunately, the reference for the details is to check the update-crypto-policies(8) man page, but the "Crypto Policy Definition Format" section doesn't exist.

My question is, how can I create a module to customize the cryptographic policy?

Especially I'm looking at a way to disable CBC ciphers in OpenSSH server (I'm aware that another solution exist (2), my preference would still be to customize the policy).

Thank you for your help.

1: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening#customizing-system-wide-cryptographic-policies-with-policy-modifiers_using-the-system-wide-cryptographic-policies

2: https://access.redhat.com/solutions/4410591