[yocto-security] Default dropbear cipers should disallow SHA1
Joseph Reynolds
jrey at linux.ibm.com
Tue May 14 08:26:52 PDT 2019
On 2019-05-10 07:36, KAINDL Bernhard wrote:
> Hi Richard, I'm also glad for having this discussion.
>
> Agreed, uses of SHA1 should be disabled when possible, as only long
> obsolete ssh/ssh-servers with tons of security bugs (and should be
> banned therefore) need it.
>
> I think you should submit a new patch (with the answers for Richards
> requests in the commit message to have that information recorded in in
> the git commit itself).
>
> Just for more clarity or correction of your statements, I have a few
> remarks, in case you add them to the commit message.
...snip...
Thanks for the additional information. I am still learning and this
helps.
It seems like we are moving in the same direction: To have a default or
configuration option to disallow "weak" ciphers.
- Joseph
> Best regards,
> Bernhard
>
More information about the yocto-security
mailing list