[OE-core] [PATCH v2] dropbear: disable medium-strength ssh ciphers

Burton, Ross ross.burton at intel.com
Thu Sep 13 16:00:03 UTC 2018


This still can't be actually used, because dropbear won't be looking
in the recipe folder and nothing puts that file into the source tree.
Put a #error in it if you don't believe me. :)

Ross

On 12 September 2018 at 22:56,  <joseph-reynolds at charter.net> wrote:
> This changes the Dropbear SSH server configuration so it will not
> accept medium-strength encryption ciphers including: CBC mode, MD5,
> 96-bit MAC, and triple DES.  This is consistent with the default
> supported OpenSSH ciphers.
>
> Upstream-Status: Pending
>
> Signed-off-by: Joseph Reynolds <joseph-reynolds at charter.net>
> ---
>  meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++
>  1 file changed, 8 insertions(+)
>  create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h
>
> diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h
> b/meta/recipes-core/dropbear/dropbear/localoptions.h
> new file mode 100644
> index 0000000..ec48c26
> --- /dev/null
> +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h
> @@ -0,0 +1,8 @@
> +/* Customize dropbear per default_options.h in the dropbear project */
> +
> +/* Disable insecure ciphers */
> +#define DROPBEAR_TWOFISH256 0
> +#define DROPBEAR_TWOFISH128 0
> +#define DROPBEAR_ENABLE_CBC_MODE 0
> +#define DROPBEAR_SHA1_HMAC 0
> +#define DROPBEAR_SHA1_96_HMAC 0
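Review bot: The five defines under "Disable insecure ciphers" do not match the commit message. The message lists CBC mode, MD5, 96-bit MAC and triple DES, but no define here names MD5 or triple DES, while `DROPBEAR_TWOFISH256`, `DROPBEAR_TWOFISH128` and the full-length `DROPBEAR_SHA1_HMAC` are set to 0 without being mentioned. Either add the missing options or reword the message so it describes exactly what is switched off, and change the comment from "insecure" to "medium-strength" so it agrees with the subject line. With `DROPBEAR_SHA1_HMAC` and `DROPBEAR_SHA1_96_HMAC` both 0, confirm that the resulting build still has at least one MAC enabled. The diffstat also shows only localoptions.h being created, with no recipe change that would place it in the source tree, so a follow-up revision should include that change and verify the header is actually picked up by the build.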
> --
> 1.8.3.1