What to do about SSL strength
Nicolas Goutte
nicolasg at snafu.de
Wed Mar 8 13:14:23 GMT 2006

On Wednesday 08 March 2006 10:19, Thiago Macieira wrote:
> George Staikos wrote:
> >> - you made it so that we negotiate ciphers of 168 bits or stronger
> >> - as a result, servers tell us we don't support strong encryption
> >
> > Yes.
> >
> >> Are those servers trying to use 128-bit as "strong"?
> >
> > Basically they have "if (bits(cipher) != 128) { error('weak crypto
> >unsupported'); }"
>
> Ah, that's supposed to catch 56-bit ciphers, right?
>
> >> Or is that just a negotiation problem?
> >
> > No we negotiate just fine in this case. There are cases where
> > negotiation on the server fails though, because they see unsupported
> > ciphers.
> >
> > Right now we just look broken. Maybe we won't look as broken after
> > Vista is released...
>
> And AFAIU there's no way around it except allowing 128-bit ciphers to be
> used, right?

Could it be done optionally site-by-site like for Java or for JavaScript?
So basically it would mean that KDE does not use 128-bit or less SSL but that
a user can tell KDE: "this site is too stupid but I really need it, so use
128-bit SSL for this site".

Have a nice day!
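
The thread's two ideas modelled side by side, as an added example that is not part of the original message and is not KDE code: the server-side check quoted above next to a threshold check, and a per-site exception table applied to a client that otherwise offers only 168 bits or stronger. The type and function names, the host names and the exception format (a min/max strength per host) are assumptions made for illustration.

```cpp
// Added illustration: every name below is hypothetical, not a KDE or OpenSSL API.
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct Cipher { std::string name; int bits; };
struct SitePolicy { int minBits; int maxBits; };

// Constructed sample list in client preference order (strongest first).
const std::vector<Cipher> kCiphers = {
    {"AES256-SHA", 256}, {"DES-CBC3-SHA", 168}, {"RC4-SHA", 128}, {"DES-CBC-SHA", 56}};

// Default from the thread: only offer ciphers of 168 bits or stronger.
const SitePolicy kDefaultPolicy = {168, 1 << 30};

// Ciphers the client offers to a host: the strict default unless the user
// has recorded an exception for exactly that host.
std::vector<Cipher> offerFor(const std::string &host,
                             const std::map<std::string, SitePolicy> &exceptions) {
    auto it = exceptions.find(host);
    const SitePolicy p = it == exceptions.end() ? kDefaultPolicy : it->second;
    std::vector<Cipher> offer;
    for (const Cipher &c : kCiphers)
        if (c.bits >= p.minBits && c.bits <= p.maxBits) offer.push_back(c);
    return offer;
}

// Simplified negotiation (assumption): the server takes the client's first choice.
int negotiatedBits(const std::vector<Cipher> &offer) {
    return offer.empty() ? 0 : offer.front().bits;
}

// The server-side check quoted in the thread: anything but 128 is reported as weak.
bool quotedCheckAccepts(int bits) { return bits == 128; }

// A threshold check: still rejects 56-bit ciphers, accepts 128 bits and stronger.
bool thresholdCheckAccepts(int bits) { return bits >= 128; }

int main() {
    // Constructed exception: one host pinned to 128-bit ciphers by the user.
    const std::map<std::string, SitePolicy> exceptions = {{"legacy-bank.example", {128, 128}}};
    for (const char *host : {"www.example.org", "legacy-bank.example"}) {
        const int bits = negotiatedBits(offerFor(host, exceptions));
        std::cout << host << ": " << bits << " bits, quoted check "
                  << (quotedCheckAccepts(bits) ? "accepts" : "rejects") << ", threshold check "
                  << (thresholdCheckAccepts(bits) ? "accepts" : "rejects") << "\n";
    }
    return 0;
}
```

The exception is keyed on the exact host name, so the weaker offer never reaches any site the user has not listed, and the 56-bit cipher is offered to no one.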
More information about the kde-core-devel mailing list