projects / openwrt / staging / jow.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
dropbear: add option to enable modern crypto only
[openwrt/staging/jow.git] / package / network / services / dropbear / Config.in
diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index 449cc2a421dc7696bc50107b1ac3ffb714dc885c..fd4d5f3c7a5e49a54fe2124d5230b204c1b7f560 100644 (file)
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -145,4 +145,25 @@ config DROPBEAR_AGENTFORWARD
                Also see DROPBEAR_DBCLIENT_AGENTFORWARD (agent forwarding in
                dropbear client) if DROPBEAR_DBCLIENT is selected.
 
+config DROPBEAR_MODERN_ONLY
+       bool "Use modern crypto only [BREAKS COMPATIBILITY]"
+       select DROPBEAR_ED25519
+       select DROPBEAR_CURVE25519
+       select DROPBEAR_CHACHA20POLY1305
+       help
+               This option enables:
+                - Chacha20-Poly1305
+                - Curve25519
+                - Ed25519
+               and disables:
+                - AES
+                - RSA
+                - SHA1
+
+               Reduces binary size by about 64 kB (MIPS) from default
+               configuration.
+
+               Consider enabling this option if you're building own OpenWrt
+               image and using modern SSH software everywhere.
+
 endmenu
Staging tree of Jo-Philipp Wich