[Buildroot] [PATCH v2] dropbear: Disable legacy/insecure options
Baruch Siach
baruch at tkos.co.il
Tue Jul 3 04:25:26 UTC 2018
Hi Stefan,
On Mon, May 07, 2018 at 02:28:44PM +0200, Stefan Sørensen wrote:
> Dropbear by default enables a number of algorithms that are now considered
> insecure and should only be used when legacy support is required:
> 3DES encryption
> Blowfish encryption
> SHA1-96 message integrity
> CBC encryption mode
> DSA public keys
> Diffie-Hellman Group1 key exchange
>
> So disable them by default, but add a config option for bringing them back.
> Furthermore the Blowfish legacy algorithm is unconditionally disabled
>
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
Reviewed-by: Baruch Siach <baruch at tkos.co.il>
baruch
--
http://baruch.siach.name/blog/ ~. .~ Tk Open Systems
=}------------------------------------------------ooO--U--Ooo------------{=
- baruch at tkos.co.il - tel: +972.52.368.4656, http://www.tkos.co.il -
More information about the buildroot
mailing list