From: Konstantin Demin <rockdrilla@gmail.com>
Date: Tue, 8 Jul 2025 16:12:26 +0000 (+0300)
Subject: dropbear: disable RSA-SHA1 by default
X-Git-Url: http://git.openwrt.org/?a=commitdiff_plain;h=5e0fbca9b98e9bc415bbaa9aeeecb95848699a3f;p=openwrt%2Fopenwrt.git

dropbear: disable RSA-SHA1 by default

Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
---

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index c5737c05ca..e677ef5edc 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -822,7 +822,6 @@ menu "Encryption options"
 
 	config DROPBEAR_RSA_SHA1
 		bool "RSA-SHA1 [WEAK]"
-		default y
 		depends on DROPBEAR_LEGACY_COMPAT
 		help
 			This enables the following public key algorithm: