What to do about SSL strength

Brad Hards bradh at frogmouth.net
Thu Mar 9 10:39:34 GMT 2006

On Wednesday 08 March 2006 05:41 am, George Staikos wrote:
>   I'm really frustrated.  All along, my goals with KSSL were to be secure,
> but most importantly compatible.  
> My 
> personal view is that we go back to the preferences list and people can
> forget about unsupported modern SSL ciphers for now.  Any thoughts on this?
KSSL should allow use  of arbitrary ciphers.

Konqueror should default to using KSSL with whatever is most compatible, as 
long as it isn't SSL2 or less than 56 bits. Just keep moving the default with 
whatever everyone else does.

It would be nice to allow the tin foil hat brigade to configure their systems 
to talk specific ciphers for specific sites, as long as it is hidden deep in 
some configuration setting. 

There really isn't much point is saying "best available", because SSL really 
only stops MITM attacks and similar spoofing, and the fake server will just 
advertise weak ciphers....


BTW: most people don't know that the EFTPOS machine is only doing two-key 
3DES, and they aren't concerned....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20060309/7c9cdc3a/attachment.sig>

More information about the kde-core-devel mailing list