[OE-core] [PATCH v2] dropbear: disable medium-strength ssh ciphers

Alexander Kanavin alex.kanavin at gmail.com
Thu Sep 13 16:47:35 UTC 2018


Actually, I'd rather have an 'upstream first' policy in this specific
case. If the change is good and desirable, please work with the
upstream to merge it there.

Alex

2018-09-13 18:00 GMT+02:00 Burton, Ross <ross.burton at intel.com>:
> This still can't be actually used, because dropbear won't be looking
> in the recipe folder and nothing puts that file into the source tree.
> Put a #error in it if you don't believe me. :)
>
> Ross
>
> On 12 September 2018 at 22:56,  <joseph-reynolds at charter.net> wrote:
>> This changes the Dropbear SSH server configuration so it will not
>> accept medium-strength encryption ciphers including: CBC mode, MD5,
>> 96-bit MAC, and triple DES.  This is consistent with the default
>> supported OpenSSH ciphers.
>>
>> Upstream-Status: Pending
>>
>> Signed-off-by: Joseph Reynolds <joseph-reynolds at charter.net>
>> ---
>>  meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++
>>  1 file changed, 8 insertions(+)
>>  create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h
>>
>> diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h
>> b/meta/recipes-core/dropbear/dropbear/localoptions.h
>> new file mode 100644
>> index 0000000..ec48c26
>> --- /dev/null
>> +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h
>> @@ -0,0 +1,8 @@
>> +/* Customize dropbear per default_options.h in the dropbear project */
>> +
>> +/* Disable insecure ciphers */
>> +#define DROPBEAR_TWOFISH256 0
>> +#define DROPBEAR_TWOFISH128 0
>> +#define DROPBEAR_ENABLE_CBC_MODE 0
>> +#define DROPBEAR_SHA1_HMAC 0
>> +#define DROPBEAR_SHA1_96_HMAC 0
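Review bot: The define list under "Disable insecure ciphers" does not match the commit message. The message names CBC mode, MD5, 96-bit MAC and triple DES, but the hunk has no define for MD5 or triple DES. It also turns off DROPBEAR_TWOFISH256, DROPBEAR_TWOFISH128 and the full-length DROPBEAR_SHA1_HMAC, none of which the message mentions. Either add the missing defines or narrow the message; if MD5 and triple DES are already covered by DROPBEAR_ENABLE_CBC_MODE or by the defaults, say so in the message, and state why Twofish and full SHA1 HMAC are dropped. The comment's "insecure" should also match the message's "medium-strength". Separately, the diffstat shows only this new header under the recipe's files directory and no change to the recipe itself, so nothing in the patch places localoptions.h in the source tree where the build would read it. The recipe needs to list the file and copy it into place before the build.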
>> --
>> 1.8.3.1
>>
>>
>> --
>> _______________________________________________
>> Openembedded-core mailing list
>> Openembedded-core at lists.openembedded.org
>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>