[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    What to do about SSL strength
From:       George Staikos <staikos () kde ! org>
Date:       2006-03-07 18:41:27
Message-ID: 200603071341.27534.staikos () kde ! org
[Download RAW message or body]


  I'm really frustrated.  All along, my goals with KSSL were to be secure, but 
most importantly compatible.  I finally broke down and threw away the 
"compatibility preferences" list in 3.5.x as we had too many users 
complaining that KSSL negotiated 'weak' ciphers.  This where 'weak' == 
128bit.  Well, now we're back to bug reports that KSSL can no-longer talk to 
servers.  It's definitely about broken servers, but there is nothing we can 
do to have them fixed.  The result is that people can't login to their bank 
or favorite store because they're told that Konqi doesn't support strong SSL.  
(Meanwhile, the cipher negotiated is 168bit or stronger.)  My personal view 
is that we go back to the preferences list and people can forget about 
unsupported modern SSL ciphers for now.  Any thoughts on this?

-- 
George Staikos
KDE Developer				http://www.kde.org/
Staikos Computing Services Inc.		http://www.staikos.net/
[prev in list] [next in list] [prev in thread] [next in thread]