What to do about SSL strength
George Staikos
staikos at kde.org
Thu Mar 9 15:30:26 GMT 2006
On Thursday 09 March 2006 10:20, Henry Miller wrote:
> On Thursday 09 March 2006 04:07, George Staikos wrote:
> > On Wednesday 08 March 2006 10:04, Henry Miller wrote:
> > > Nothing should be done until we check with Mozilla, Apple, and Opera.
> >
> > I'm sitting in a room with developers of 2 of the three you list there
> > at the moment so I'll ask around.
> >
> > > The right solution is for everyone to support 168 bit encryption.
> >
> > That's not a solution. The solution is something which makes
> > Konqueror work with the sites that don't support newer ciphers properly.
> > What you propose is that the problem go away. :-)
>
> Not exactly, but that is the hope. If Mozilla will soon run into the same
> problem we are having, and they are willing to force the issue, the problem
> will go away. When 10% of a websites customers have problems, the web
> site with fix things - look at how much better the web has got since
> firefox became common. So if they are willing to force the issue, we
> should follow your second plan - do nothing about sites that are broke in
> this way, they will fix themselves.
>
> If nobody else is willing to force this issue, then konqueror is not big
> enough to force the issue, so we will have to disable support for better
> encryption as a work around for those sites.
It turns out that by coincidence other browsers don't typically have this
problem. That's how I came to the workaround I just committed.
Also you should be careful about declaring something to be "better
encryption" just because of bigger keylengths.
--
George Staikos
KDE Developer http://www.kde.org/
Staikos Computing Services Inc. http://www.staikos.net/
More information about the kde-core-devel
mailing list