When enabling or disabling sha1 integrity also keep or remove key exhange algorithms that rely on sha1.
group14_sha1 - 2048 bit, sha1 group1 - 1024 bit, sha1 Signed-off-by: Bruno Thomsen <[email protected]> --- rules/dropbear.make | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rules/dropbear.make b/rules/dropbear.make index 8d80ed295..d52efa396 100644 --- a/rules/dropbear.make +++ b/rules/dropbear.make @@ -165,9 +165,13 @@ endif ifdef PTXCONF_DROPBEAR_SHA1 @echo "ptxdist: enabling sha1" @echo "#define DROPBEAR_SHA1_HMAC 1" >> $(DROPBEAR_LOCALOPTIONS) + @echo "#define DROPBEAR_DH_GROUP1 1" >> $(DROPBEAR_LOCALOPTIONS) + @echo "#define DROPBEAR_DH_GROUP14_SHA1 1" >> $(DROPBEAR_LOCALOPTIONS) else @echo "ptxdist: disabling sha1" @echo "#define DROPBEAR_SHA1_HMAC 0" >> $(DROPBEAR_LOCALOPTIONS) + @echo "#define DROPBEAR_DH_GROUP1 0" >> $(DROPBEAR_LOCALOPTIONS) + @echo "#define DROPBEAR_DH_GROUP14_SHA1 0" >> $(DROPBEAR_LOCALOPTIONS) endif ifdef PTXCONF_DROPBEAR_SHA1_96 -- 2.25.1 _______________________________________________ ptxdist mailing list [email protected]
