What to do about SSL strength

Thiago Macieira thiago at kde.org
Wed Mar 8 10:41:56 GMT 2006


Tom Albers wrote:
>Op dinsdag 7 maart 2006 22:14, schreef George Staikos:
>>    Basically they have "if (bits(cipher) != 128) { error('weak crypto
>> unsupported'); }"
>
>Is it possible to catch that?
>
>if (error == 'weak crypto unsupported') renegotiate(128);

Given the errors we're getting, I think not.

The SSL negotiation succeeds, but the webserver then redirects the browser 
to an "weak crypto unsupported" error page via HTTP. So, from KSSL's 
point of view, the negotiation succeeded.

-- 
  Thiago Macieira  -  thiago (AT) macieira.info - thiago (AT) kde.org
    PGP/GPG: 0x6EF45358; fingerprint:
    E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358

3. Ac seo woruld wearð geborod, swá se Scieppend cwæð "Gewurde Unix" and 
wundor fremede and him "Unix" genemned, þæt is se rihtendgesamnung.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060308/c1eeaff1/attachment.sig>


More information about the kde-core-devel mailing list