[Buildroot] [PATCH v3] dropbear: Disable legacy/insecure options

Thomas Petazzoni thomas.petazzoni at bootlin.com
Wed Jul 4 19:44:39 UTC 2018


Hello,

On Tue,  3 Jul 2018 09:48:10 +0200, Stefan Sørensen wrote:
> Dropbear by default enables a number of algorithms that are now considered
> insecure and should only be used when legacy support is required:
>    3DES encryption
>    Blowfish encryption
>    SHA1-96 message integrity
>    CBC encryption mode
>    DSA public keys
>    Diffie-Hellman Group1 key exchange
> 
> So disable them by default, but add a config option for bringing them back.
> Furthermore the Blowfish legacy algorithm is unconditionally disabled
> 
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
> ---
> Changes v2->v3:
>  * Rebase on 037b8616257067282e375edca9af19418a0e7a4a

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin (formerly Free Electrons)
Embedded Linux and Kernel engineering
https://bootlin.com


More information about the buildroot mailing list