From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org, mmayer@broadcom.com
Subject: Re: [Buildroot] [PATCH] package/dropbear: provide config option to turn off SHA1 for RSA
Date: Tue, 13 May 2025 13:08:47 +0200 [thread overview]
Message-ID: <2bbbdf5e-2450-4d2f-abd2-e0bb210c14ba@korsgaard.com> (raw)
In-Reply-To: <87h6bhgf6a.fsf@dell.be.48ers.dk>
On 8/19/24 09:11, Peter Korsgaard wrote:
> True. It also somewhat depends on how fine grained configuration options
> we want, E.G. we could also simply handle the RSA_SHA1 option under the
> LEGACY_CRYPTO option WHEN upstream disables it by default, but then we
> have to wait for that.
>
> Looking elsewhere, I see that openwrt handles it with a "modern only"
> option to only enable modern/secure options, maybe that is a way to go?
>
> https://github.com/openwrt/openwrt/commit/bf900e02c7102601be2e9280231711e70f065877
>
> Related to RSA_SHA1, I believe the original reason for you sending this
> patch was to disable everything related to SHA1, but SHA1 is also used
> for HMAC and key exchange, so we should consider disabling those as
> well:
>
> https://github.com/openwrt/openwrt/commit/2d9a0be307b534ceb717267c95402d1d707cd2c3
>
> What do you say?
This never made any progress, and I have in the mean time applied
https://gitlab.com/buildroot.org/buildroot/-/commit/05fb4526f909aac533ed943977d4eeabd0b9b4ac,
so now upstream has in fact disabled SHA1 support by default and we only
enable it when the legacy crypto option is enabled, so I will mark this
as superseeded.
--
Bye, Peter Korsgaard
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
prev parent reply other threads:[~2025-05-13 11:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-17 0:00 [Buildroot] [PATCH] package/dropbear: provide config option to turn off SHA1 for RSA Markus Mayer via buildroot
2024-08-17 10:10 ` Thomas Petazzoni via buildroot
2024-08-17 19:49 ` Markus Mayer via buildroot
2024-08-18 20:48 ` Peter Korsgaard
2024-08-18 22:31 ` Markus Mayer via buildroot
2024-08-19 7:11 ` Peter Korsgaard
2024-08-20 20:27 ` Markus Mayer via buildroot
2025-05-13 11:08 ` Peter Korsgaard [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=2bbbdf5e-2450-4d2f-abd2-e0bb210c14ba@korsgaard.com \
--to=peter@korsgaard.com \
--cc=buildroot@buildroot.org \
--cc=mmayer@broadcom.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.