In order to improve the security on a RHEL 8.2 installation, I'm looking at some way to adjust the DEFAULT cryptographic policy.
According to the RHEL 8 Security Hardening guide (1) it is possible to create a module to customize that policy. Unfortunately, the reference for the details is to check the update-crypto-policies(8) man page, but the "Crypto Policy Definition Format" section doesn't exist.
My question is, how can I create a module to customize the cryptographic policy?
Especially I'm looking at a way to disable CBC ciphers in OpenSSH server (I'm aware that another solution exist (2), my preference would still be to customize the policy).
Thank you for your help.