What to do about SSL strength
Brad Hards
bradh at frogmouth.net
Thu Mar 9 10:39:34 GMT 2006
On Wednesday 08 March 2006 05:41 am, George Staikos wrote:
> I'm really frustrated. All along, my goals with KSSL were to be secure,
> but most importantly compatible.
<snip>
> My
> personal view is that we go back to the preferences list and people can
> forget about unsupported modern SSL ciphers for now. Any thoughts on this?
KSSL should allow use of arbitrary ciphers.
Konqueror should default to using KSSL with whatever is most compatible, as
long as it isn't SSL2 or less than 56 bits. Just keep moving the default with
whatever everyone else does.
It would be nice to allow the tin foil hat brigade to configure their systems
to talk specific ciphers for specific sites, as long as it is hidden deep in
some configuration setting.
There really isn't much point in saying "best available", because SSL really
only stops MITM attacks and similar spoofing, and the fake server will just
advertise weak ciphers....
Brad
BTW: most people don't know that the EFTPOS machine is only doing two-key
3DES, and they aren't concerned....