What to do about SSL strength

Thiago Macieira thiago at kde.org
Wed Mar 8 09:19:42 GMT 2006


George Staikos wrote:
>> - you made it so that we negotiate ciphers of 168 bits or stronger
>> - as a result, servers tell us we don't support strong encryption
>
>  Yes.
>
>> Are those servers trying to use 128-bit as "strong"?
>
>   Basically they have "if (bits(cipher) != 128) { error('weak crypto
>unsupported'); }"

Ah, that's supposed to catch 56-bit ciphers, right?

>> Or is that just a negotiation problem?
>
>  No we negotiate just fine in this case.  There are cases where
> negotiation on the server fails though, because they see unsupported
> ciphers.
>
>  Right now we just look broken.  Maybe we won't look as broken after
> Vista is released...

And AFAIU there's no way around it except allowing 128-bit ciphers to be 
used, right?

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

3. Ac seo woruld wearð geborod, swá se Scieppend cwæð "Gewurde Unix" and 
wundor fremede and him "Unix" genemned, þæt is se rihtendgesamnung.
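
Added example (not part of the original message and not code from KDE or from any server discussed here): the equality check quoted in the thread next to a minimum-strength check, run over a constructed table of cipher names and nominal key sizes. The function names, the table and the 128-bit threshold are assumptions made for illustration.

```python
# Constructed sample table: OpenSSL-style cipher names with their nominal
# key sizes in bits. The names and the table are for illustration only.
CIPHER_BITS = {
    "EXP-RC4-MD5": 40,
    "DES-CBC-SHA": 56,
    "RC4-MD5": 128,
    "AES128-SHA": 128,
    "DES-CBC3-SHA": 168,
    "AES256-SHA": 256,
}

MIN_BITS = 128  # assumed threshold the server operator means to enforce


def gate_equality(bits):
    """The check quoted in the thread: only exactly 128 bits passes."""
    return bits == 128


def gate_minimum(bits, minimum=MIN_BITS):
    """Hypothetical corrected check: the threshold or anything stronger passes."""
    return bits >= minimum


def decide(cipher, gate, table=CIPHER_BITS):
    """Apply a gate to a negotiated cipher; unknown ciphers fail closed."""
    bits = table.get(cipher)
    return bits is not None and gate(bits)


def wrongly_rejected(table=CIPHER_BITS):
    """Ciphers that meet the minimum but are refused by the equality check."""
    return [
        name
        for name, bits in sorted(table.items(), key=lambda kv: kv[1])
        if gate_minimum(bits) and not gate_equality(bits)
    ]


if __name__ == "__main__":
    for name in CIPHER_BITS:
        print(f"{name:13} equality={decide(name, gate_equality)!s:5} "
              f"minimum={decide(name, gate_minimum)}")
    print("refused despite meeting the minimum:", wrongly_rejected())
```

Both gates refuse the 40-bit and 56-bit entries; only the equality gate also refuses the 168-bit and 256-bit ones.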