[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: What to do about SSL strength
From:       Gary Greene <greeneg () phoenuxos ! com>
Date:       2006-03-07 19:19:15
Message-ID: 200603071419.19551.greeneg () phoenuxos ! com
[Download RAW message or body]


On Tuesday 07 March 2006 01:41 pm, George Staikos wrote:
>   I'm really frustrated.  All along, my goals with KSSL were to be secure,
> but most importantly compatible.  I finally broke down and threw away the
> "compatibility preferences" list in 3.5.x as we had too many users
> complaining that KSSL negotiated 'weak' ciphers.  This where 'weak' ==
> 128bit.  Well, now we're back to bug reports that KSSL can no-longer talk
> to servers.  It's definitely about broken servers, but there is nothing we
> can do to have them fixed.  The result is that people can't login to their
> bank or favorite store because they're told that Konqi doesn't support
> strong SSL. (Meanwhile, the cipher negotiated is 168bit or stronger.)  My
> personal view is that we go back to the preferences list and people can
> forget about unsupported modern SSL ciphers for now.  Any thoughts on this?

Seeing as there are too many non-secure servers out there, this may be the 
only thing that can be done at the moment. While I do agree that people 
should be using strong ciphers, but having it "just work" is more important.

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]