2015-02-25 website test - banks: Difference between revisions

From annawiki
Line 17: Line 17:
  HSTS long = This server supports HTTP Strict Transport Security with long duration.
  HSTS long = This server supports HTTP Strict Transport Security with long duration.
{| class="wikitable sortable"
{| class="wikitable sortable"
! Provider
! Provider / Link to ssllabs.com
! Rating
! Rating
! Certificate
! Certificate

Revision as of 2015-02-25T03:55:45

A+

tango.info

None of the banks tested reached A+, so as comparison provide data for tango.info.

https://www.ssllabs.com/ssltest/analyze.html?d=tango.info
Certificate 100
Protocol Support 95
Key Exchange 90
Cipher Strength 100
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration. Grade set to A+.

A

weak signature = Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
TLS_FALLBACK_SCSV = This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
HSTS long = This server supports HTTP Strict Transport Security with long duration.
Provider / Link to ssllabs.com Rating Certificate Protocol Support Key Exchange Cipher Strength Messages Comment
sbroker.de A 100 95 100 90
  • TLS_FALLBACK_SCSV
banking.netbank.de A 100 95 90 90
  • TLS_FALLBACK_SCSV
consorsbank.de A 100 95 90 90
  • weak signature
  • TLS_FALLBACK_SCSV
  • HSTS long
  • Server hostname www.cortalconsors.de - not matching certificate common name
kunde.comdirect.de A 100 95 80 90
  • weak signature
  • TLS_FALLBACK_SCSV
  • HSTS long
1822direkt.de A 100 95 80 90
  • TLS_FALLBACK_SCSV
dab-bank.de A 100 95 80 90
  • weak signature
  • TLS_FALLBACK_SCSV
  • HSTS long
norisbank.de A 100 95 90 90
  • weak signature

B

ing-diba.de

B
Certificate 100
Protocol Support 95
Key Exchange 90
Cipher Strength 90
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
There is no support for secure renegotiation.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
This server supports HTTP Strict Transport Security with long duration.

targobank.de

Certificate 100
Protocol Support 70
Key Exchange 80
Cipher Strength 90
The server supports only older protocols, but not the current best TLS 1.2.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.

C

banking.postbank.de

C
Certificate 100
Protocol Support 90
Key Exchange 90
Cipher Strength 90
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
The server does not support Forward Secrecy with the reference browsers.
This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.