Disabling DES-CBC3-SHA makes access to some SSL secured websites fail.

Bug #70866 reported by Daniel Pittman
Affects | Status | Importance | Assigned to | Milestone
KDE Base | Won't Fix | Medium | |
kdelibs (Ubuntu) | Invalid | Undecided | Unassigned |

Bug Description

G'day. This is a very painful bug, and I suspect one that will be quite contentious.

After upgrading to Edgy, access to the online banking service offered by a local bank here in Australia is no longer possible.

This is caused, at heart, by this upstream bug:
http://bugs.kde.org/show_bug.cgi?id=135545

From the report at least one other site has the same problem, which is that only the DES-CBC3-SHA cipher is acceptable on the server end.

Other web browsers such as Opera and Firefox on Linux and Windows, as well as Internet Explorer on Windows, do support this cipher and do work.

At the moment the work-around is to use an alternate web browser -- but to a non-technical user (where I learned about this) the problem is both incomprehensible and a significant regression from Dapper.

I will also be adding information to the upstream bug as soon as my new account in their BTS comes through, but I believe it is appropriate to ask the Ubuntu team to revert this change and restore compatible behaviour.

I note that the upstream report lists "incompatibility with some sites" as the root cause of the problem. A more correct fix is probably to demote the cipher set down to the very end of the SSL/TLS list provided to the server, ensuring that it is negotiated if and only if no other cipher is acceptable to the server.

That should provide maximum bug-compatibility without compromising usability.

Regards, Daniel.
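
The ordering argument in the report above, as an added example that is not part of the original bug report or of KDE's code: a simplified model of cipher-suite selection showing that a demoted DES-CBC3-SHA is picked only as a last resort when the server follows the client's order, while a server that enforces its own preference can still pick it first. The cipher lists and server profiles are constructed sample data.

```python
# Added illustration: simplified model of SSL/TLS cipher-suite selection.
# Only DES-CBC3-SHA comes from the report; all lists below are constructed.

WEAK = "DES-CBC3-SHA"


def demote(client_prefs, cipher=WEAK):
    """Return the client list with `cipher` moved to the very end (added if absent)."""
    return [c for c in client_prefs if c != cipher] + [cipher]


def negotiate(client_prefs, server_prefs, honor_server_order=False):
    """Return the first mutually supported suite, or None if the handshake fails.

    By default the server walks the client's preference order; with
    honor_server_order=True it walks its own order instead.
    """
    if honor_server_order:
        primary, other = server_prefs, client_prefs
    else:
        primary, other = client_prefs, server_prefs
    for suite in primary:
        if suite in other:
            return suite
    return None


# Constructed client offers: one with the cipher removed, one with it demoted.
CLIENT_REMOVED = ["AES256-SHA", "AES128-SHA", "RC4-SHA"]
CLIENT_DEMOTED = demote(CLIENT_REMOVED)

# Constructed server profiles.
SERVER_3DES_ONLY = ["DES-CBC3-SHA"]                 # the situation in the report
SERVER_MIXED = ["AES128-SHA", "DES-CBC3-SHA"]
SERVER_PREFERS_3DES = ["DES-CBC3-SHA", "AES256-SHA"]

if __name__ == "__main__":
    cases = [
        ("removed, 3DES-only server", CLIENT_REMOVED, SERVER_3DES_ONLY, False),
        ("demoted, 3DES-only server", CLIENT_DEMOTED, SERVER_3DES_ONLY, False),
        ("demoted, mixed server", CLIENT_DEMOTED, SERVER_MIXED, False),
        ("demoted, server order wins", CLIENT_DEMOTED, SERVER_PREFERS_3DES, True),
    ]
    for label, client, server, server_order in cases:
        print(f"{label}: {negotiate(client, server, server_order)}")
```

The last case is the limit of demotion as a mitigation: the client's ordering is only a preference, so a server that applies its own order can select the demoted cipher even when a stronger common suite exists.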

Changed in kdebase:
status: Unknown → Rejected
Marco Maini (maini10) wrote :

Thanks for this report. According to KDE developer George Staikos this cipher is voluntarily disabled due to security reasons (see http://bugs.kde.org/show_bug.cgi?id=135519). So I don't think that it could be fixed in Kubuntu. Feel free to report any other problems.

Changed in kdelibs:
status: Unconfirmed → Rejected
Changed in kdebase:
status: Invalid → Won't Fix
Changed in kdebase:
importance: Unknown → Medium