deprecate and disable verification of insecure hash algorithms add support for /etc/pki/tls/legacy-settings also for minimum DH length accepted by SSL client compare the encrypt and tweak key in XTS as required by FIPS