[Buildroot] [PATCH] package/dropbear: bump to version 2020.79

Peter Korsgaard peter at korsgaard.com
Tue Jun 23 06:19:25 UTC 2020


>>>>> "Alexander" == Alexander Dahl <post at lespocky.de> writes:

 > Hei hei,
 > On Mon, Jun 22, 2020 at 11:07:36AM +0200, Peter Korsgaard wrote:
 >> >>>>> "Francois" == Francois Perrad <fperrad at gmail.com> writes:
 >> 
 >> > CBC ciphers, 3DES and hmac-sha1-96 are now disabled by default.
 >> 
 >> Do we expect that to cause compatibility issues?

 > I just looked in package/dropbear/dropbear.mk and those options are
 > explicitly disabled if DROPBEAR_DISABLE_LEGACY_CRYPTO is set. From a

You mean NOT set (ifndef).

 > quick glance I would say now there's no possibility to activate those
 > anymore.

Indeed. Presumably we need to handle the case where the option is set to
ensure you end up with the configuration as described in the help text:

          Enable legacy and possibly insecure algorithms:
            3DES encryption
            SHA1-96 message integrity
            CBC encryption mode
            DSA public keys
            Diffie-Hellman Group1 key exchange

-- 
Bye, Peter Korsgaard



More information about the buildroot mailing list