From mboxrd@z Thu Jan  1 00:00:00 1970
Return-path: <ptxdist-bounces@pengutronix.de>
Received: from mail.kamstrup.com ([93.167.225.188])
	by metis.ext.pengutronix.de with esmtp (Exim 4.72)
	(envelope-from <bth@kamstrup.com>) id 1YOSPJ-0006gO-4S
	for ptxdist@pengutronix.de; Thu, 19 Feb 2015 15:48:49 +0100
From: Bruno Thomsen <bth@kamstrup.com>
Date: Thu, 19 Feb 2015 14:48:41 +0000
Message-ID: <915054555B5659448ACF8A70E114824D01984DDA94@Exchange2010.kamstrup.dk>
References: <1424101629-16021-1-git-send-email-bth@kamstrup.com>
	<20150219140925.GL30223@pengutronix.de>
In-Reply-To: <20150219140925.GL30223@pengutronix.de>
Content-Language: en-US
MIME-Version: 1.0
Subject: Re: [ptxdist] [PATCH] dropbear: version bump 2014.65 -> 2015.67
Reply-To: ptxdist@pengutronix.de
List-Id: PTXdist Development Mailing List <ptxdist.pengutronix.de>
List-Unsubscribe: <http://metis.pengutronix.de/cgi-bin/mailman/options/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=unsubscribe>
List-Archive: <http://metis.pengutronix.de/pipermail/ptxdist>
List-Post: <mailto:ptxdist@pengutronix.de>
List-Help: <mailto:ptxdist-request@pengutronix.de?subject=help>
List-Subscribe: <http://metis.pengutronix.de/cgi-bin/mailman/listinfo/ptxdist>, 
	<mailto:ptxdist-request@pengutronix.de?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ptxdist-bounces@pengutronix.de
Errors-To: ptxdist-bounces@pengutronix.de
To: "ptxdist@pengutronix.de" <ptxdist@pengutronix.de>

> > +config DROPBEAR_CBC_CIPHERS
> > +	bool
> > +	prompt "CBC mode ciphers"
> > +	default y
> > +	help
> > +	  Enable CBC mode for ciphers. This has security issues though
> > +	  is the most compatible with older SSH implementations.
>
> In that case, shouldn't this be off by default? Those that still need it can enable it.

I was a bit in doubt about ptxdist default policy was to be fairly secure out-of-box or compatible with old software/equipment.
I'm all in for pushing a strong default security configuration :)

Bruno

-- 
ptxdist mailing list
ptxdist@pengutronix.de