[OE-core] [PATCH v2] dropbear: disable medium-strength ssh ciphers
joseph-reynolds at charter.net
joseph-reynolds at charter.net
Wed Sep 12 21:56:02 UTC 2018
This changes the Dropbear SSH server configuration so it will not
accept medium-strength encryption ciphers including: CBC mode, MD5,
96-bit MAC, and triple DES. This is consistent with the default
supported OpenSSH ciphers.
Upstream-Status: Pending
Signed-off-by: Joseph Reynolds
---
meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h
diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h
b/meta/recipes-core/dropbear/dropbear/localoptions.h
new file mode 100644
index 0000000..ec48c26
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/localoptions.h
@@ -0,0 +1,8 @@
+/* Customize dropbear per default_options.h in the dropbear project
*/
+
+/* Disable insecure ciphers */
+#define DROPBEAR_TWOFISH256 0
+#define DROPBEAR_TWOFISH128 0
+#define DROPBEAR_ENABLE_CBC_MODE 0
+#define DROPBEAR_SHA1_HMAC 0
+#define DROPBEAR_SHA1_96_HMAC 0
--
1.8.3.1
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20180912/9f4e3e2f/attachment-0002.html>
More information about the Openembedded-core
mailing list