[Buildroot] [PATCH v3] dropbear: Disable legacy/insecure options

Thomas De Schampheleire thomas.de_schampheleire at nokia.com
Wed Jul 4 08:45:17 UTC 2018


On Tue, Jul 03, 2018 at 01:38:26PM +0300, Baruch Siach wrote:
> Hi Stefan,
> 
> On Tue, Jul 03, 2018 at 09:48:10AM +0200, Stefan Sørensen wrote:
> > Dropbear by default enables a number of algorithms that are now considered
> > insecure and should only be used when legacy support is required:
> >    3DES encryption
> >    Blowfish encryption
> >    SHA1-96 message integrity
> >    CBC encryption mode
> >    DSA public keys
> >    Diffie-Hellman Group1 key exchange
> > 
> > So disable them by default, but add a config option for bringing them back.
> > Furthermore the Blowfish legacy algorithm is unconditionally disabled
> > 
> > Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> 
> Reviewed-by: Baruch Siach <baruch at tkos.co.il>

Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire at nokia.com>




More information about the buildroot mailing list