What to do about SSL strength
Gary Greene
greeneg at phoenuxos.com
Tue Mar 7 19:19:15 GMT 2006
On Tuesday 07 March 2006 01:41 pm, George Staikos wrote:
> I'm really frustrated. All along, my goals with KSSL were to be secure,
> but most importantly compatible. I finally broke down and threw away the
> "compatibility preferences" list in 3.5.x as we had too many users
> complaining that KSSL negotiated 'weak' ciphers. This where 'weak' ==
> 128bit. Well, now we're back to bug reports that KSSL can no-longer talk
> to servers. It's definitely about broken servers, but there is nothing we
> can do to have them fixed. The result is that people can't login to their
> bank or favorite store because they're told that Konqi doesn't support
> strong SSL. (Meanwhile, the cipher negotiated is 168bit or stronger.) My
> personal view is that we go back to the preferences list and people can
> forget about unsupported modern SSL ciphers for now. Any thoughts on this?
Seeing as there are too many non-secure servers out there, this may be the
only thing that can be done at the moment. While I do agree that people
should be using strong ciphers, but having it "just work" is more important.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060307/e38b8e22/attachment.sig>
More information about the kde-core-devel
mailing list