[yocto-security] Default dropbear ciphers should disallow SHA1
richard.purdie at linuxfoundation.org
Wed May 8 03:05:19 PDT 2019
Hi Joseph,
I remember you sent patches last year related to this. As far as I
remember, we never got the final version of it, which just changed the
default; it looks like you have that now.
I'd probably accept such a patch into OE-Core if you send the patch to
us.
Does openssh disable that by default now? If it does, the commit should
mention that, as it helps show we're not losing functionality. I'd also
need to ask if anyone has discussed this with dropbear upstream, as that
would need to be documented too.
Cheers,
Richard
From: Joseph Reynolds <jrey at linux.ibm.com>
> Hello. The OpenBMC project [1] uses Yocto/poky, including the
> dropbear ssh server. We are changing the default ciphers offered to
> disallow SHA1, currently in code review [2]. Would you like to make
> this change or a similar change in Yocto/poky?
>
> - Joseph
>
> [1]: github.com/openbmc/openbmc
> [2]: https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/21028
>