Version: (using KDE KDE 3.5.5) Installed from: Debian testing/unstable Packages OS: Linux When I try to connect to https://www.millenet.pl/osobiste/Default.aspx, I get following error (with firefox the site opens correctly): "No Shared Cipher Your browser is unable to negotiate a security level which satisfies the requirements of this site. For security reasons, this Web site may require strong encryption. To gain access to this site, you may try any or all of the following: 1) Change your browser's security settings to support the appropriate level of encryption (the cipher suites supported by this site are listed above). 2) Update your browser to a version that supports the appropriate level of encryption. 3) Apply the "strong-encryption" option pack to your operating system. 4) If in the United States, verify that you are using a recent domestic version of your browser. 5) Contact this site's administrator for assistance. Security Details: Browser ciphers: RC4-SHA RC4-MD5 EDH-RSA-DES-CBC-SHA EDH-DSS-DES-CBC-SHA DES-CBC-SHA Secure Site ciphers: DES-CBC3-SHA"
This cipher was problematic on other sites. I already answered this to someone today. A site that forces only this cipher is broken.
G'day. I can see that this bug is marked as WONTFIX, but my hope is to convince you to change your mind. This particular limitation on Konqueror causes non-trivial problems here in Australia as several of our banks only offer the DES-CBC3-SHA cipher. With the recent release of KDE with this change they are no longer accessible. I don't dispute that the cipher in question has caused problems with other sites, but I would like to suggest a different resolution. The other web browsers I tested (Opera and Firefox, Linux and Windows, and IE6) all offer the cipher in their selection but, as far as I can see, a ways down the priority list. That means, by convention, that the remote server will prefer other ciphers to DES-CBC3-SHA where possible, but can still use that if they require it. That should, hopefully, address the compatibility problems with other sites without compromising the usability of Konqueror on the web. Finally, while I agree that sites forcing that one specific cipher is odd it isn't technically broken, as the SSL standards do permit that use -- even if it isn't necessarily a very clever choice on their part. Regards, Daniel
I agree with above. As there is no chance that the banks would change ciphers, konqueror should somehow deal with it, as Firefox does.