The StandardPolicy should read a system-wide configuration file
RHEL disallows SHA-1. One way they do this is through the use of system-wide configuration files, which the cryptographic libraries read and parse. Both OpenSSL and GnuTLS offer this. The StandardPolicy should support this as well.