[yocto-security] Should dropbear ssh disallow SHA1
Joseph Reynolds
jrey at linux.ibm.com
Tue May 7 16:07:46 PDT 2019
The OpenBMC project [1] uses Yocto/poky, including the dropbear ssh
server. We are changing the default ciphers offered by dropbear to
disallow SHA1, because we believe this level of security is correct for
our project. The change is currently in code review [2].
Would you like to make this change or a similar change in Yocto/poky?
Even if doing so might break compatibility with older ssh clients? See
our code review [2] for considerations.
- Joseph
[1]: github.com/openbmc/openbmc
[2]: https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/21028
More information about the yocto-security
mailing list