On 6/30/19 4:58 PM, Richard Purdie wrote:
On Fri, 2019-06-28 at 18:03 -0500, Joseph Reynolds wrote:
From 587a9e5c637ad3e70b8e35a3ca66013693ce7ac7 Mon Sep 17 00:00:00
2001
From: Joseph Reynolds <joseph.reynol...@ibm.com>
Date: Wed, 19 Jun 2019 20:16:40 -0500
Subject: [PATCH v2] dropbear: new feature: disable-weak-ciphers
Enhances dropbear with a new feature "disable-weak-ciphers", on by
default.
This feature disables all CBC, SHA1, and diffie-hellman group1
ciphers in
the dropbear ssh server and client.
Disable this feature if you need to connect to the ssh server from
older
clients. Additional customization can be done with local_options.h
as
usual.
Tested: On github.com/openbmc/openbmc using dropbear_2019.78.
Signed-off-by: Joseph Reynolds <joseph.reynol...@ibm.com>
---
meta/recipes-core/dropbear/dropbear.inc | 6 ++-
.../0007-dropbear-disable-weak-ciphers.patch | 57
++++++++++++++++++++++
2 files changed, 61 insertions(+), 2 deletions(-)
create mode 100644
meta/recipes-core/dropbear/dropbear/0007-dropbear-disable-weak-
ciphers.patch
I merged v1 of this patch previously. What was different in this
version?
The v2 patch had the same content with fixed up commit messages. You can
ignore it.
Thanks for handling this.
Also, the patch was still line wrapped so very hard to apply (had to be
manually fixed).
Cheers,
Richard
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
