2015-02-25 website test - banks: Difference between revisions
(→A) |
(→A) |
||
Line 13: | Line 13: | ||
==A== | ==A== | ||
weak signature = Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2. | |||
TLS_FALLBACK_SCSV = This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. | TLS_FALLBACK_SCSV = This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks. | ||
HSTS long = This server supports HTTP Strict Transport Security with long duration. | |||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
! Provider | ! Provider | ||
Line 39: | Line 41: | ||
| A || 100 || 95 || 90 || 90 | | A || 100 || 95 || 90 || 90 | ||
| | | | ||
* | * weak signature | ||
* TLS_FALLBACK_SCSV | * TLS_FALLBACK_SCSV | ||
* | * HSTS long | ||
| | | | ||
*Server hostname www.cortalconsors.de - not matching certificate common name | *Server hostname www.cortalconsors.de - not matching certificate common name | ||
Line 48: | Line 50: | ||
| A || 100 || 95 || 80 || 90 | | A || 100 || 95 || 80 || 90 | ||
| | | | ||
* | * weak signature | ||
* TLS_FALLBACK_SCSV | * TLS_FALLBACK_SCSV | ||
* | * HSTS long | ||
| | | | ||
|- | |- | ||
Line 56: | Line 58: | ||
| A || 100 || 95 || 80 || 90 | | A || 100 || 95 || 80 || 90 | ||
| | | | ||
* | * TLS_FALLBACK_SCSV | ||
| | | | ||
|- | |- | ||
Line 62: | Line 64: | ||
| A || 100 || 95 || 80 || 90 | | A || 100 || 95 || 80 || 90 | ||
| | | | ||
* | * weak signature | ||
* TLS_FALLBACK_SCSV | * TLS_FALLBACK_SCSV | ||
* | * HSTS long | ||
| | | | ||
|- | |- | ||
Line 70: | Line 72: | ||
| A || 100 || 95 || 90 || 90 | | A || 100 || 95 || 90 || 90 | ||
| | | | ||
* | * weak signature | ||
| | | | ||
|} | |} |
Revision as of 2015-02-25T04:41:10
A+
tango.info
None of the banks tested reached A+, so data for tango.info is provided for comparison.
https://www.ssllabs.com/ssltest/analyze.html?d=tango.info

Certificate 100; Protocol Support 95; Key Exchange 90; Cipher Strength 100

* This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
* This server supports HTTP Strict Transport Security with long duration.
* Grade set to A+.
A
weak signature = Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.

TLS_FALLBACK_SCSV = This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.

HSTS long = This server supports HTTP Strict Transport Security with long duration.
Provider | Rating | Certificate | Protocol Support | Key Exchange | Cipher Strength | Messages | Comment |
---|---|---|---|---|---|---|---|
sbroker.de | A | 100 | 95 | 100 | 90 | | |
banking.netbank.de | A | 100 | 95 | 90 | 90 | | |
consorsbank.de | A | 100 | 95 | 90 | 90 | | |
kunde.comdirect.de | A | 100 | 95 | 80 | 90 | | |
1822direkt.de | A | 100 | 95 | 80 | 90 | | |
dab-bank.de | A | 100 | 95 | 80 | 90 | | |
norisbank.de | A | 100 | 95 | 90 | 90 | | |
B
ing-diba.de
Rating B; Certificate 100; Protocol Support 95; Key Exchange 90; Cipher Strength 90

* Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
* This server accepts the RC4 cipher, which is weak. Grade capped to B.
* There is no support for secure renegotiation.
* The server does not support Forward Secrecy with the reference browsers.
* This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
* This server supports HTTP Strict Transport Security with long duration.
targobank.de
Certificate 100; Protocol Support 70; Key Exchange 80; Cipher Strength 90

* The server supports only older protocols, but not the current best TLS 1.2.
* This server accepts the RC4 cipher, which is weak. Grade capped to B.
* The server does not support Forward Secrecy with the reference browsers.
C
banking.postbank.de
Rating C; Certificate 100; Protocol Support 90; Key Exchange 90; Cipher Strength 90

* This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
* Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
* This server accepts the RC4 cipher, which is weak. Grade capped to B.
* The server does not support Forward Secrecy with the reference browsers.
* This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.