What to do about SSL strength - refocused

George Staikos staikos at kde.org
Thu Mar 9 11:25:18 GMT 2006

On Thursday 09 March 2006 05:05, George Staikos wrote:
>    So to bring this thread back on topic, I'm faced with one choice of two:
> 1) Do nothing, the sites are broken.  users will just not be able to access
> those sites until they fix themselves.
> 2) Disable strong ciphers by default and/or have OpenSSL negotiate "known
> good" ciphers before the new 256/168 ones again.

  3) disable DES-CBC3-SHA:  done.

  Most sites don't support AES yet, so we'll be 128 bit in most cases, but 256 
where possible.  I think this should make everyone happy.

George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/

More information about the kde-core-devel mailing list