dropbear: Disable legacy/insecure options
author Stefan Sørensen <stefan.sorensen@spectralink.com>
Tue, 3 Jul 2018 07:48:10 +0000 (09:48 +0200)
committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Wed, 4 Jul 2018 19:43:55 +0000 (21:43 +0200)
commit 72d4d098b0dbb10d3904868acc11c97acafa8d80
tree 1aecdd0380ca98de4fc197102d204f4a85a09a8d
parent bf19116c802118ec567e668e60de088b646f4fa3
dropbear: Disable legacy/insecure options

Dropbear by default enables a number of algorithms that are now considered
insecure and should only be used when legacy support is required:
   3DES encryption
   Blowfish encryption
   SHA1-96 message integrity
   CBC encryption mode
   DSA public keys
   Diffie-Hellman Group1 key exchange

So disable them by default, but add a config option for bringing them back.
Furthermore, the Blowfish legacy algorithm is unconditionally disabled.

Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/dropbear/Config.in
package/dropbear/dropbear.mk