[Buildroot] [PATCH v3] dropbear: Disable legacy/insecure options
Thomas De Schampheleire
thomas.de_schampheleire at nokia.com
Wed Jul 4 08:45:17 UTC 2018
On Tue, Jul 03, 2018 at 01:38:26PM +0300, Baruch Siach wrote:
> Hi Stefan,
>
> On Tue, Jul 03, 2018 at 09:48:10AM +0200, Stefan Sørensen wrote:
> > Dropbear by default enables a number of algorithms that are now considered
> > insecure and should only be used when legacy support is required:
> > 3DES encryption
> > Blowfish encryption
> > SHA1-96 message integrity
> > CBC encryption mode
> > DSA public keys
> > Diffie-Hellman Group1 key exchange
> >
> > So disable them by default, but add a config option for bringing them back.
> > Furthermore the Blowfish legacy algorithm is unconditionally disabled
> >
> > Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
>
> Reviewed-by: Baruch Siach <baruch at tkos.co.il>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>
More information about the buildroot
mailing list