From 5e0fbca9b98e9bc415bbaa9aeeecb95848699a3f Mon Sep 17 00:00:00 2001
From: Konstantin Demin <rockdrilla@gmail.com>
Date: Tue, 8 Jul 2025 19:12:26 +0300
Subject: [PATCH] dropbear: disable RSA-SHA1 by default

Upstream has disabled SHA-1 algorithms by default since version 2025.87.
SHA-1 has known weakness and most SSH implementations support alternatives.

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
---
 package/network/services/dropbear/Config.in | 1 -
 1 file changed, 1 deletion(-)

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index c5737c05ca4..e677ef5edca 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -822,7 +822,6 @@ menu "Encryption options"
 
 	config DROPBEAR_RSA_SHA1
 		bool "RSA-SHA1 [WEAK]"
-		default y
 		depends on DROPBEAR_LEGACY_COMPAT
 		help
 			This enables the following public key algorithm: