[Buildroot] [PATCH] package/dropbear: bump to version 2020.79
Peter Korsgaard
peter at korsgaard.com
Tue Jun 23 06:19:25 UTC 2020
>>>>> "Alexander" == Alexander Dahl <post at lespocky.de> writes:
> Hei hei,
> On Mon, Jun 22, 2020 at 11:07:36AM +0200, Peter Korsgaard wrote:
>> >>>>> "Francois" == Francois Perrad <fperrad at gmail.com> writes:
>>
>> > CBC ciphers, 3DES and hmac-sha1-96 are now disabled by default.
>>
>> Do we expect that to cause compatibility issues?
> I just looked in package/dropbear/dropbear.mk and those options are
> explicitly disabled if DROPBEAR_DISABLE_LEGACY_CRYPTO is set. From a
You mean NOT set (ifndef).
> quick glance I would say now there's no possibility to activate those
> anymore.
Indeed. Presumably we need to handle the case where the option is set to
ensure you end up with the configuration as described in the help text:
Enable legacy and possibly insecure algorithms:
3DES encryption
SHA1-96 message integrity
CBC encryption mode
DSA public keys
Diffie-Hellman Group1 key exchange
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list