What to do about SSL strength - refocused
George Staikos
staikos at kde.org
Thu Mar 9 11:25:18 GMT 2006
On Thursday 09 March 2006 05:05, George Staikos wrote:
> So to bring this thread back on topic, I'm faced with one choice of two:
> 1) Do nothing, the sites are broken. users will just not be able to access
> those sites until they fix themselves.
> 2) Disable strong ciphers by default and/or have OpenSSL negotiate "known
> good" ciphers before the new 256/168 ones again.
3) disable DES-CBC3-SHA: done.
Most sites don't support AES yet, so we'll be 128 bit in most cases, but 256
where possible. I think this should make everyone happy.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kde-core-devel
mailing list