On 7/15/19 3:58 PM, Adrian Bunk wrote:
On Mon, Jul 15, 2019 at 03:38:57PM -0500, Joseph Reynolds wrote:
Enhances dropbear with a new feature "disable-weak-ciphers", on by default.
This feature disables all CBC, SHA1, and diffie-hellman group1 ciphers in
the dropbear ssh server and client.
Disable this feature if you need to connect to the ssh server from older
clients. Additional customization can be done with local_options.h as usual.
...
Changing the default behaviour in a stable series does not sound
appropriate to me.
Although this patch is for security, it is a config change and not a
fix. I understand if you don't want to add it to a release branch, and
I am am okay with that. I just want to know one way or the other. If
this is the answer, we'll put the patch into our downstream project
(github.com/openbmc/openbmc branch=warrior) ... waiting for more
opinions ....
Thanks!
- Joseph
cu
Adrian
--
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
