RHEL9-CIS/tasks/section_1/cis_1.10.yml

---

- name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
  ansible.builtin.shell: |
      update-crypto-policies --set "{{ rhel9cis_crypto_policy }}"
      update-crypto-policies
  notify: Change_requires_reboot
  when:
      - rhel9cis_rule_1_10
      - system_wide_crypto_policy['stdout'] == 'LEGACY'
  tags:
      - level1-server
      - level1-workstation
      - no system_is_ec2
      - patch
      - rule_1.10