[openwrt/openwrt] dropbear: disable RSA-SHA1 by default
LEDE Commits
lede-commits at lists.infradead.org
Fri Jul 11 02:24:00 PDT 2025
aparcar pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/5e0fbca9b98e9bc415bbaa9aeeecb95848699a3f
commit 5e0fbca9b98e9bc415bbaa9aeeecb95848699a3f
Author: Konstantin Demin <rockdrilla at gmail.com>
AuthorDate: Tue Jul 8 19:12:26 2025 +0300
dropbear: disable RSA-SHA1 by default
Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.
Signed-off-by: Konstantin Demin <rockdrilla at gmail.com>
---
package/network/services/dropbear/Config.in | 1 -
1 file changed, 1 deletion(-)
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index c5737c05ca..e677ef5edc 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -822,7 +822,6 @@ menu "Encryption options"
config DROPBEAR_RSA_SHA1
bool "RSA-SHA1 [WEAK]"
- default y
depends on DROPBEAR_LEGACY_COMPAT
help
This enables the following public key algorithm:
More information about the lede-commits
mailing list