2015-02-25 website test - banks
Overview
Big fail: ING-DiBa, Targobank, Postbank - they didn't even get an "A" rating.
Replies:
- ING-DiBa:
  - 2015-02-25 - will not change. Attack is only a "theoretical possibility" ("unauthorized access has so far been only a theoretical possibility")
List
- weak signature = Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
- intermediate weak signature = Intermediate certificate has a weak signature. When renewing, ensure you upgrade to an all-SHA2 chain.
- TLS_FALLBACK_SCSV = This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
- HSTS long = This server supports HTTP Strict Transport Security with long duration.
Provider / Link to ssllabs.com | Rating | Certificate | Protocol Support | Key Exchange | Cipher Strength | Messages | Comment |
---|---|---|---|---|---|---|---|
meindepot.sbroker.de | A+ | 100 | 95 | 100 | 90 | | |
sbroker.de | A | 100 | 95 | 100 | 90 | | |
banking.netbank.de | A | 100 | 95 | 90 | 90 | | |
consorsbank.de | A | 100 | 95 | 90 | 90 | | |
kunde.comdirect.de | A | 100 | 95 | 80 | 90 | | |
1822direkt.de | A | 100 | 95 | 80 | 90 | | |
dab-bank.de | A | 100 | 95 | 80 | 90 | | |
norisbank.de | A | 100 | 95 | 90 | 90 | | |
meine.deutsche-bank.de | A | 100 | 95 | 80 | 90 | | |
banking.dkb.de | A | 100 | 95 | 90 | 90 | | |
ing-diba.de | B | 100 | 95 | 90 | 90 | | |
banking.ing-diba.de | B | 100 | 95 | 80 | 90 | | |
targobank.de | B | 100 | 70 | 80 | 90 | | |
banking.postbank.de | C | 100 | 90 | 90 | 90 | | |
banking.degussa-bank.de | F | 100 | 0 | 80 | 90 | | |