[OE-core] [warrior][PATCH] dropbear: new feature: disable-weak-ciphers
Joseph Reynolds
jrey at linux.ibm.com
Mon Jul 15 21:08:20 UTC 2019
On 7/15/19 3:58 PM, Adrian Bunk wrote:
> On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
>> Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
>> This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
>> the dropbear ssh server and client.
>>
>> Disable this feature if you need to connect to the ssh server from older
>> clients. Additional customization can be done with local_options.h as usual.
>> ...
> Changing the default behaviour in a stable series does not sound
> appropriate to me.
Although this patch is for security, it is a config change and not a
fix. I understand if you don't want to add it to a release branch, and
I am am okay with that. I just want to know one way or the other. If
this is the answer, we'll put the patch into our downstream project
(github.com/openbmc/openbmc branch=warrior) ... waiting for more
opinions ....
Thanks!
- Joseph
>
> cu
> Adrian
>
More information about the Openembedded-core
mailing list