Dropbear by default enables a number of algorithms that are now considered
insecure and should only be used when legacy support is required:
3DES encryption
Blowfish encryption
SHA1-96 message integrity
CBC encryption mode
DSA public keys
Diffie-Hellman Group1 key exchange
So disable them by default, but add a config option for bringing them back.
Furthermore the Blowfish legacy algorithm is unconditionally disabled
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
Reviewed-by: Baruch Siach <baruch@tkos.co.il>
Reviewed-by: Thomas De Schampheleire <thomas.de_schampheleire@nokia.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
72d4d098b0