What to do about SSL strength

Gary Greene greeneg at phoenuxos.com
Tue Mar 7 19:19:15 GMT 2006


On Tuesday 07 March 2006 01:41 pm, George Staikos wrote:
>   I'm really frustrated.  All along, my goals with KSSL were to be secure,
> but most importantly compatible.  I finally broke down and threw away the
> "compatibility preferences" list in 3.5.x as we had too many users
> complaining that KSSL negotiated 'weak' ciphers.  This is where 'weak' ==
> 128bit.  Well, now we're back to bug reports that KSSL can no longer talk
> to servers.  It's definitely about broken servers, but there is nothing we
> can do to have them fixed.  The result is that people can't log in to their
> bank or favorite store because they're told that Konqi doesn't support
> strong SSL. (Meanwhile, the cipher negotiated is 168bit or stronger.)  My
> personal view is that we go back to the preferences list and people can
> forget about unsupported modern SSL ciphers for now.  Any thoughts on this?

Seeing as there are too many non-secure servers out there, this may be the
only thing that can be done at the moment. While I do agree that people
should be using strong ciphers, having it "just work" is more important.


More information about the kde-core-devel mailing list