[yocto-security] Fwd: [warrior][PATCH] dropbear: new feature: disable-weak-ciphers

Joseph Reynolds jrey at linux.ibm.com
Mon Jul 15 13:45:54 PDT 2019


I am attempting to backport the dropbear disable-weak-ciphers
PACKAGECONFIG option from master to the 2.7 (warrior) branch. (I got
my git send-email working, yay!)

- Joseph

-------- Forwarded Message --------
Subject: 	[warrior][PATCH] dropbear: new feature: disable-weak-ciphers
Date: 	Mon, 15 Jul 2019 15:38:57 -0500
From: 	Joseph Reynolds <jrey at linux.ibm.com>
To: 	openembedded-core at lists.openembedded.org
CC: 	Joseph Reynolds <jrey at linux.ibm.com>, Joseph Reynolds 
<joseph.reynolds1 at ibm.com>, Richard Purdie 
<richard.purdie at linuxfoundation.org>



Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
the dropbear ssh server and client.

Disable this feature if you need to connect to the ssh server from older
clients. Additional customization can be done with local_options.h as usual.

Tested: On dropbear_2019.78.

Upstream-Status: Inappropriate [configuration]

Signed-off-by: Joseph Reynolds <joseph.reynolds1 at ibm.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
...snip...


