[Buildroot] [PATCH v3] dropbear: Disable legacy/insecure options
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Jul 4 19:44:39 UTC 2018
Hello,
On Tue, 3 Jul 2018 09:48:10 +0200, Stefan Sørensen wrote:
> Dropbear by default enables a number of algorithms that are now considered
> insecure and should only be used when legacy support is required:
> 3DES encryption
> Blowfish encryption
> SHA1-96 message integrity
> CBC encryption mode
> DSA public keys
> Diffie-Hellman Group1 key exchange
>
> So disable them by default, but add a config option for bringing them back.
> Furthermore the Blowfish legacy algorithm is unconditionally disabled
>
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> ---
> Changes v2->v3:
> * Rebase on 037b8616257067282e375edca9af19418a0e7a4a
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list