> On Mar 28, 2017, at 12:09 AM, Alexandru Ardelean <ardeleana...@gmail.com> > wrote: > > On Tue, Mar 28, 2017 at 1:45 AM, txt.file <txt.f...@txtfile.eu> wrote: >> The topic and patch is about OpenSSL but description is about OpenSSH. >> What has OpenSSL to do with OpenSSH? >> >> kind regards >> txt.file >> -- >> This message is signed. >> >> Rosen Penev: >>> The commit that removed no-ripemd stated that it was needed for openssh. >>> However with recent OpenSSH releases (7.4), RIPEMD-160 is run-time disabled. >>> I've verified this with ssh -vvv making no mention of RIPEMD-160 anywhere. >>> --- >>> package/libs/openssl/Makefile | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> diff --git a/package/libs/openssl/Makefile b/package/libs/openssl/Makefile >>> index 2543a46..a2d3ce3 100644 >>> --- a/package/libs/openssl/Makefile >>> +++ b/package/libs/openssl/Makefile >>> @@ -100,7 +100,7 @@ endef >>> >>> >>> OPENSSL_NO_CIPHERS:= no-idea no-md2 no-mdc2 no-rc5 no-sha0 no-camellia >>> no-krb5 \ >>> - no-whrlpool no-whirlpool no-seed no-jpake >>> + no-whrlpool no-whirlpool no-seed no-jpake no-ripemd >>> OPENSSL_OPTIONS:= shared no-err no-sse2 no-ssl2 no-ssl2-method no-heartbeats >>> >>> ifdef CONFIG_OPENSSL_ENGINE_CRYPTO >>> >> >> >> _______________________________________________ >> Lede-dev mailing list >> Lede-dev@lists.infradead.org >> http://lists.infradead.org/mailman/listinfo/lede-dev >> > > as far as things go, openssh is part of the package feeds here: > https://github.com/openwrt/packages/tree/master/net/openssh > > while openssl is part of the core packages > removing this cipher if unused, makes sense also to reduce openssl size > > my 2c :) > > thanks > Alex
What happens if someone has a private package feed and they’re still using it? I think we should remove ciphers when they’re proven weak or otherwise vulnerable, like AES128-CBC… not when we’re unaware of anyone using it. -Philip _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
