[Buildroot] [PATCH] dropbear: Disable legacy/insecure options
Carlos Santos
casantos at datacom.com.br
Sun Jul 1 01:12:56 UTC 2018
Stefan Sørensen wrote:
> Dropbear by default enables a number of algorithms that are now considered
> insecure and should only be used when legacy support is required:
> 3DES encryption
> Blowfish encryption
> SHA1-96 message integrity
> CBC encryption mode
> DSA public keys
> Diffie-Hellman Group1 key exchange
>
> So disable them by default, but add a config option for bringing them back.
> Furthermore the Blowfish legacy algorithm is unconditionally disabled
[...]
Looks good but after commit 037b8616257067282e375edca9af19418a0e7a4a it
needs to be rebased.
--
Carlos Santos
DATACOM P&D
More information about the buildroot
mailing list