Disable Obsoleted CBC ciphers (AES, ARIA etc.) in dropbear

[EdenLiu]

Dropbear is ssh server on my device and I use testssh.sh to test the support of ssl/tls ciphers. and it report "Obsoleted CBC ciphers (AES, ARIA etc.) offered" :
NULL ciphers (no encryption) not offered (OK)
Anonymous NULL Ciphers (no authentication) not offered (OK)
Export ciphers (w/o ADH+NULL) not offered (OK)
LOW: 64 Bit + DES, RC[2,4], MD5 (w/o export) not offered (OK)
Triple DES Ciphers / IDEA not offered
Obsoleted CBC ciphers (AES, ARIA etc.) offered
Strong encryption (AEAD ciphers) with no FS not offered
Forward Secrecy strong encryption (AEAD ciphers) offered (OK)

I want to disable Obsoleted CBC ciphers by dropbear server side, Is there any way to configure it? Thank you in advance:)

[mkj]

The ciphers are configured at compile time, you'll have to get a new Dropbear binary build for your device.
In current Dropbear the CBC ciphers are disabled by default.

dropbear/default_options.h

Line 102 in 846d38f

#define DROPBEAR_ENABLE_CBC_MODE 0

Which testssh.sh script are you using? I only see testssl.sh which isn't looking at SSH.