author | Bruno Thomsen <bth@kamstrup.com> | 2015-02-20 10:51:17 +0100 |
---|---|---|
committer | Michael Olbrich <m.olbrich@pengutronix.de> | 2015-03-18 14:16:01 +0100 |
commit | ac4800f8b3f893426a64b16f1f691ba954232822 (patch) | |
tree | 59f78108665013ee104dfa5bda133b0d1899aa95 /rules/dropbear.in | |
parent | 990fa4829a90bc1870bbd0817b682ba8d2b43f3f (diff) | |
dropbear: version bump 2014.65 -> 2015.67
The new version contains options to enable/disable cipher modes.
Default security level increased by disabling CBC mode and enabling CTR mode.
Tenable Network Security - Nessus:
http://www.tenable.com/plugins/index.php?view=single&id=70658
Signed-off-by: Bruno Thomsen <bth@kamstrup.com>
Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
Diffstat (limited to 'rules/dropbear.in')
-rw-r--r-- | rules/dropbear.in | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/rules/dropbear.in b/rules/dropbear.in index fe2ada369..1c1d813fc 100644 --- a/rules/dropbear.in +++ b/rules/dropbear.in @@ -203,6 +203,21 @@ config DROPBEAR_TWOFISH256 bijective f function made by four key-dependent 8x8-bit S-boxes. +config DROPBEAR_CBC_CIPHERS + bool + prompt "CBC mode ciphers" + help + Enable CBC mode for ciphers. This has security issues though + is the most compatible with older SSH implementations. + +config DROPBEAR_CTR_CIPHERS + bool + prompt "Counter mode ciphers" + default y + help + Enable "Counter Mode" for ciphers. This is more secure than normal + CBC mode against certain attacks. This adds around 1kB to binary + size and is recommended for most cases. comment "Integrity, at least one required --- RFC Draft requires sha1-hmac and recommends sha1-96" |
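Review bot: Nothing in the two new entries stops a configuration where both DROPBEAR_CBC_CIPHERS and DROPBEAR_CTR_CIPHERS are deselected, since both are plain `bool` prompts with no `depends on` or `select`. The integrity section that follows already carries a comment saying "at least one required", so a matching comment line ahead of these two entries (or a dependency that forces CTR on when CBC is off) would keep a user from building a configuration with no cipher mode at all. The CBC help text also says only "This has security issues"; a short pointer to the issue the commit message links would let someone reading menuconfig judge the trade-off without the commit log. Finally, the diffstat is limited to rules/dropbear.in, so it is worth confirming that the make rules actually consume both new symbols; otherwise toggling them changes nothing in the built binary.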