---

- name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
  block:
      - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy | set_fact"
        ansible.builtin.set_fact:
            rhel9cis_full_crypto_policy: "{{ rhel9cis_crypto_policy }}{% if rhel9cis_crypto_policy_module | length > 0 %}:{{ rhel9cis_crypto_policy_module }}{% endif %}"

      - name: "1.10 | PATCH | Ensure system-wide crypto policy is not legacy"
        ansible.builtin.shell: |
            update-crypto-policies --set "{{ rhel9cis_full_crypto_policy }}"
            update-crypto-policies
        notify: change_requires_reboot
        when:
            - system_wide_crypto_policy.stdout != rhel9cis_full_crypto_policy
  when:
      - rhel9cis_rule_1_10

  tags:
      - level1-server
      - level1-workstation
      - automated
      - no system_is_ec2
      - patch
      - rule_1.10