What to do about SSL strength
George Staikos
staikos at kde.org
Tue Mar 7 18:41:27 GMT 2006
I'm really frustrated. All along, my goals with KSSL were to be secure, but
most importantly compatible. I finally broke down and threw away the
"compatibility preferences" list in 3.5.x as we had too many users
complaining that KSSL negotiated 'weak' ciphers. This where 'weak' ==
128bit. Well, now we're back to bug reports that KSSL can no-longer talk to
servers. It's definitely about broken servers, but there is nothing we can
do to have them fixed. The result is that people can't login to their bank
or favorite store because they're told that Konqi doesn't support strong SSL.
(Meanwhile, the cipher negotiated is 168bit or stronger.) My personal view
is that we go back to the preferences list and people can forget about
unsupported modern SSL ciphers for now. Any thoughts on this?
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kde-core-devel
mailing list