[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: What to do about SSL strength
From: Gary Greene <greeneg () phoenuxos ! com>
Date: 2006-03-07 19:19:15
Message-ID: 200603071419.19551.greeneg () phoenuxos ! com
[Download RAW message or body]
On Tuesday 07 March 2006 01:41 pm, George Staikos wrote:
> I'm really frustrated. All along, my goals with KSSL were to be secure,
> but most importantly compatible. I finally broke down and threw away the
> "compatibility preferences" list in 3.5.x as we had too many users
> complaining that KSSL negotiated 'weak' ciphers. This where 'weak' ==
> 128bit. Well, now we're back to bug reports that KSSL can no-longer talk
> to servers. It's definitely about broken servers, but there is nothing we
> can do to have them fixed. The result is that people can't login to their
> bank or favorite store because they're told that Konqi doesn't support
> strong SSL. (Meanwhile, the cipher negotiated is 168bit or stronger.) My
> personal view is that we go back to the preferences list and people can
> forget about unsupported modern SSL ciphers for now. Any thoughts on this?
Seeing as there are too many non-secure servers out there, this may be the
only thing that can be done at the moment. While I do agree that people
should be using strong ciphers, but having it "just work" is more important.
[Attachment #3 (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic