This changes the Dropbear SSH server configuration so it will not accept medium-strength encryption ciphers including: CBC mode, MD5, 96-bit MAC, and triple DES.
Upstream-Status: Pending Signed-off-by: Joseph Reynolds --- meta/recipes-core/dropbear/dropbear/localoptions.h | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 meta/recipes-core/dropbear/dropbear/localoptions.h diff --git a/meta/recipes-core/dropbear/dropbear/localoptions.h b/meta/recipes-core/dropbear/dropbear/localoptions.h new file mode 100644 index 0000000..ec48c26 --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/localoptions.h @@ -0,0 +1,8 @@ +/* Customize dropbear per default_options.h in the dropbear project */ + +/* Disable insecure ciphers */ +#define DROPBEAR_TWOFISH256 0 +#define DROPBEAR_TWOFISH128 0 +#define DROPBEAR_ENABLE_CBC_MODE 0 +#define DROPBEAR_SHA1_HMAC 0 +#define DROPBEAR_SHA1_96_HMAC 0 -- 2.7.2
-- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
