From: Konstantin Demin <rockdrilla@gmail.com>
Date: Tue, 8 Jul 2025 16:12:26 +0000 (+0300)
Subject: dropbear: disable RSA-SHA1 by default
X-Git-Tag: v25.12.0-rc1~2029
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e0fbca9b98e9bc415bbaa9aeeecb95848699a3f;p=thirdparty%2Fopenwrt.git

dropbear: disable RSA-SHA1 by default

Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
---

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index c5737c05ca4..e677ef5edca 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -822,7 +822,6 @@ menu "Encryption options"
 
 	config DROPBEAR_RSA_SHA1
 		bool "RSA-SHA1 [WEAK]"
-		default y
 		depends on DROPBEAR_LEGACY_COMPAT
 		help
 			This enables the following public key algorithm: