[OE-core] [warrior][PATCH] dropbear: new feature: disable-weak-ciphers

Joseph Reynolds jrey at linux.ibm.com
Mon Jul 15 21:08:20 UTC 2019

On 7/15/19 3:58 PM, Adrian Bunk wrote:
> On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
>> Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
>> This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
>> the dropbear ssh server and client.
>> Disable this feature if you need to connect to the ssh server from older
>> clients.  Additional customization can be done with local_options.h as usual.
>> ...
> Changing the default behaviour in a stable series does not sound
> appropriate to me.

Although this patch is for security, it is a config change and not a 
fix.  I understand if you don't want to add it to a release branch, and 
I am am okay with that.  I just want to know one way or the other.  If 
this is the answer, we'll put the patch into our downstream project 
(github.com/openbmc/openbmc branch=warrior) ... waiting for more 
opinions ....

- Joseph
> cu
> Adrian

More information about the Openembedded-core mailing list