From dd909b48c8aff1f5fb63560eb611ccd8084e0b62 Mon Sep 17 00:00:00 2001
From: Frederick Witty
Date: Fri, 25 Apr 2025 11:47:17 -0400
Subject: [PATCH] Fix for #320 thank you @kodebach

Signed-off-by: Frederick Witty
---
 Changelog.md | 4 ++++
 .../policies/modules/NO-SSHWEAKCIPHERS.pmod.j2 | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index 4bd1c86..34b9c2c 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -1,5 +1,9 @@
 # Changes to rhel9CIS
 
+## 2.0.0 - Based on CIS v2.0.0
+
+- #320 - thanks to @kodebach
+
 ## 1.1.6 - Based on CIS v1.0.0
 
 - #190 - thanks to @ipruteanu-sie
diff --git a/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2 b/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
index d325a11..393cf88 100644
--- a/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
+++ b/templates/etc/crypto-policies/policies/modules/NO-SSHWEAKCIPHERS.pmod.j2
@@ -1,4 +1,4 @@
 # This is a subpolicy to disable weak ciphers
 # for the SSH protocol (libssh and OpenSSH)
 # Carried out as part of CIS Benchmark rules combined 1.6.6 and 5.1.4
-cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_5 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}
+cipher@SSH ={% if rhel9cis_rule_1_6_6 %} -CHACHA20-POLY1305{% endif %}{% if rhel9cis_rule_5_1_4 %} -3DES-CBC -AES-128-CBC -AES-192-CBC -AES-256-CBC{% endif %}
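Review bot: With both `rhel9cis_rule_1_6_6` and `rhel9cis_rule_5_1_4` false, the `cipher@SSH =` line in NO-SSHWEAKCIPHERS.pmod.j2 renders with an empty right-hand side, because neither conditional guards the assignment itself. As far as I know crypto-policies treats a bare `property =` as a reset of that list rather than a no-op, so applying the module in that state could leave SSH with no permitted ciphers; the task that deploys this template is not in the patch, so it may already gate on these toggles. Wrapping the line as `{% if rhel9cis_rule_1_6_6 or rhel9cis_rule_5_1_4 %}cipher@SSH =…{% endif %}` would make the template safe on its own. The header comment could also say which toggle removes which ciphers, e.g. `# 1.6.6 removes CHACHA20-POLY1305; 5.1.4 removes the CBC ciphers`.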