[OE-core] [PATCH v2] dropbear: new feature: disable-weak-ciphers
Joseph Reynolds
jrey at linux.ibm.com
Mon Jul 1 18:48:11 UTC 2019
On 6/30/19 4:58 PM, Richard Purdie wrote:
> On Fri, 2019-06-28 at 18:03 -0500, Joseph Reynolds wrote:
>> From 587a9e5c637ad3e70b8e35a3ca66013693ce7ac7 Mon Sep 17 00:00:00
>> 2001
>> From: Joseph Reynolds <joseph.reynolds1 at ibm.com>
>> Date: Wed, 19 Jun 2019 20:16:40 -0500
>> Subject: [PATCH v2] dropbear: new feature: disable-weak-ciphers
>>
>> Enhances dropbear with a new feature "disable-weak-ciphers", on by
>> default.
>> This feature disables all CBC, SHA1, and diffie-hellman group1
>> ciphers in
>> the dropbear ssh server and client.
>>
>> Disable this feature if you need to connect to the ssh server from
>> older
>> clients. Additional customization can be done with local_options.h
>> as
>> usual.
>>
>> Tested: On github.com/openbmc/openbmc using dropbear_2019.78.
>>
>> Signed-off-by: Joseph Reynolds <joseph.reynolds1 at ibm.com>
>> ---
>> meta/recipes-core/dropbear/dropbear.inc | 6 ++-
>> .../0007-dropbear-disable-weak-ciphers.patch | 57
>> ++++++++++++++++++++++
>> 2 files changed, 61 insertions(+), 2 deletions(-)
>> create mode 100644
>> meta/recipes-core/dropbear/dropbear/0007-dropbear-disable-weak-
>> ciphers.patch
> I merged v1 of this patch previously. What was different in this
> version?
The v2 patch had the same content with fixed up commit messages. You can
ignore it.
Thanks for handling this.
>
> Also, the patch was still line wrapped so very hard to apply (had to be
> manually fixed).
>
> Cheers,
>
> Richard
>
More information about the Openembedded-core
mailing list