What to do about SSL strength

George Staikos staikos at kde.org
Tue Mar 7 18:41:27 GMT 2006

  I'm really frustrated.  All along, my goals with KSSL were to be secure, but 
most importantly compatible.  I finally broke down and threw away the 
"compatibility preferences" list in 3.5.x as we had too many users 
complaining that KSSL negotiated 'weak' ciphers.  This where 'weak' == 
128bit.  Well, now we're back to bug reports that KSSL can no-longer talk to 
servers.  It's definitely about broken servers, but there is nothing we can 
do to have them fixed.  The result is that people can't login to their bank 
or favorite store because they're told that Konqi doesn't support strong SSL.  
(Meanwhile, the cipher negotiated is 168bit or stronger.)  My personal view 
is that we go back to the preferences list and people can forget about 
unsupported modern SSL ciphers for now.  Any thoughts on this?

George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

More information about the kde-core-devel mailing list