ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-02-07 13:21:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Disable dh-group1 KEX by default

Browse Source 
Add comments for SK keys
This commit is contained in:
Matt Johnston 2022-03-30 12:51:32 +08:00
parent 04a4548ba2
commit 6f793d42d0
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
default_options.h
View File

@ -134,10 +134,12 @@ IMPORTANT: Some options will require "make clean" after changes */
* code (either ECDSA or ECDH) increases binary size - around 30kB * code (either ECDSA or ECDH) increases binary size - around 30kB
* on x86-64 */ * on x86-64 */
#define DROPBEAR_ECDSA 1 #define DROPBEAR_ECDSA 1
#define DROPBEAR_SK_ECDSA 1
/* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases
binary size - around 7,5kB on x86-64 */ binary size - around 7,5kB on x86-64 */
#define DROPBEAR_ED25519 1 #define DROPBEAR_ED25519 1
/* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth.
* This is currently server-only. */
#define DROPBEAR_SK_ECDSA 1
#define DROPBEAR_SK_ED25519 1 #define DROPBEAR_SK_ED25519 1
/* RSA must be >=1024 */ /* RSA must be >=1024 */
@ -178,7 +180,7 @@ IMPORTANT: Some options will require "make clean" after changes */
#define DROPBEAR_DH_GROUP16 0 #define DROPBEAR_DH_GROUP16 0
#define DROPBEAR_CURVE25519 1 #define DROPBEAR_CURVE25519 1
#define DROPBEAR_ECDH 1 #define DROPBEAR_ECDH 1
#define DROPBEAR_DH_GROUP1 1 #define DROPBEAR_DH_GROUP1 0
/* When group1 is enabled it will only be allowed by Dropbear client /* When group1 is enabled it will only be allowed by Dropbear client
not as a server, due to concerns over its strength. Set to 0 to allow not as a server, due to concerns over its strength. Set to 0 to allow