2015-02-25 website test - banks: Difference between revisions
Edit summaries: old revision - no edit summary; new revision (minor edit) - Tobiasco moved page "Ssllabs.com - ssltest - banks" to "TLS website test - ssllabs.com - banks". (2 intermediate revisions by the same user not shown.)
Change in this revision (at line 136 of the page source): the table row for banking.degussa-bank.de and the Feedback section were added. Unchanged context directly above the new row (the end of the preceding row's Messages cell):
* The server does not support Forward Secrecy with the reference browsers.
* TLS_FALLBACK_SCSV

Added row: [https://www.ssllabs.com/ssltest/analyze.html?d=banking.degussa-bank.de banking.degussa-bank.de], Rating F, Certificate 100, Protocol Support 0, Key Exchange 80, Cipher Strength 90, Messages:
* This server is vulnerable to MITM attacks because it supports insecure renegotiation. Grade set to F.
* This server does not mitigate the CRIME attack. Grade capped to B.
* Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
* The server supports only older protocols, but not the current best TLS 1.2. Grade capped to B.
* There is no support for secure renegotiation.
* The server does not support Forward Secrecy with the reference browsers.

Added section:
==Feedback==
* http://www.heise.de/security/news/foren/S-unbedingt-lesenswert/forum-293111/msg-26583341/read/MD5-2bc10b84b3a86a7df437ed025fd4bdb7 - Degussa reported as "F"
Revision as of 2017-09-07T01:57:00
Overview
Big fail: ING-DiBa, Targobank, Postbank - none of them even got an "A" rating.
Replies:
- ING-DiBa:
  - 2015-02-25 - will not change. The attack is only a "theoretical possibility" ("ist der unbefugte Zugriff bisher nur eine theoretische Möglichkeit" - "so far, unauthorised access is only a theoretical possibility").
List
Legend for the Messages column (wording as reported by ssllabs.com):
* weak signature = Certificate uses a weak signature. When renewing, ensure you upgrade to SHA2.
* intermediate weak signature = Intermediate certificate has a weak signature. When renewing, ensure you upgrade to an all-SHA2 chain.
* TLS_FALLBACK_SCSV = This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.
* HSTS long = This server supports HTTP Strict Transport Security with long duration.
The four numeric columns are the SSL Labs component scores (0-100); Rating is the resulting letter grade. Messages are given only where the page records them.

Provider / Link to ssllabs.com | Rating | Certificate | Protocol Support | Key Exchange | Cipher Strength | Messages | Comment
---|---|---|---|---|---|---|---
meindepot.sbroker.de | A+ | 100 | 95 | 100 | 90 | |
sbroker.de | A | 100 | 95 | 100 | 90 | |
banking.netbank.de | A | 100 | 95 | 90 | 90 | |
consorsbank.de | A | 100 | 95 | 90 | 90 | |
kunde.comdirect.de | A | 100 | 95 | 80 | 90 | |
1822direkt.de | A | 100 | 95 | 80 | 90 | |
dab-bank.de | A | 100 | 95 | 80 | 90 | |
norisbank.de | A | 100 | 95 | 90 | 90 | |
meine.deutsche-bank.de | A | 100 | 95 | 80 | 90 | |
banking.dkb.de | A | 100 | 95 | 90 | 90 | |
ing-diba.de | B | 100 | 95 | 90 | 90 | |
banking.ing-diba.de | B | 100 | 95 | 80 | 90 | |
targobank.de | B | 100 | 70 | 80 | 90 | |
banking.postbank.de | C | 100 | 90 | 90 | 90 | no Forward Secrecy with the reference browsers; TLS_FALLBACK_SCSV |
banking.degussa-bank.de (https://www.ssllabs.com/ssltest/analyze.html?d=banking.degussa-bank.de) | F | 100 | 0 | 80 | 90 | insecure renegotiation (grade set to F); CRIME not mitigated (capped to B); weak certificate signature, upgrade to SHA2 on renewal; no TLS 1.2 (capped to B); no secure renegotiation; no Forward Secrecy with the reference browsers |
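The legend above and the Degussa row both quote message strings that SSL Labs derives from a handful of scan facts (renegotiation flags, TLS compression, protocol list, forward-secrecy result, TLS_FALLBACK_SCSV, HSTS max-age, certificate signature algorithms). The following is an added example, not part of the original wiki page and not SSL Labs code: it takes an endpoint-details object in the shape of the SSL Labs API and reproduces the messages and the "Grade set to F" / "Grade capped to B" overrides quoted on this page. The field names (`renegSupport`, `compressionMethods`, `protocols`, `forwardSecrecy`, `fallbackScsv`, `hstsPolicy`, `cert`, `chain`), the bit layouts and the 180-day "long" HSTS threshold are assumptions from memory of the v2 API documentation and should be checked against the current docs; both sample inputs are constructed by hand, one mirroring the banking.degussa-bank.de row and one a well-configured endpoint.

```python
"""Map SSL Labs-style scan facts to the messages and grade overrides on this page.

Added example; not SSL Labs code. Field names and bit layouts below are
assumptions modelled on the SSL Labs API v2 'endpoint details' object.
"""

# renegSupport bit flags (assumption: SSL Labs API v2 layout)
RENEG_INSECURE_CLIENT = 1   # bit 0: insecure client-initiated renegotiation is supported
RENEG_SECURE = 2            # bit 1: secure renegotiation (RFC 5746) is supported
# compressionMethods bit 0: DEFLATE offered, the precondition for CRIME (assumption)
COMPRESSION_DEFLATE = 1
# forwardSecrecy bit 1: FS negotiated with the modern "reference" browsers (assumption)
FS_MODERN_BROWSERS = 2
# SSL Labs counts an HSTS max-age of at least 180 days as "long duration" (assumption)
HSTS_LONG_SECONDS = 180 * 24 * 3600

# Best grade first, so a larger index is a worse grade.
GRADES = ["A+", "A", "B", "C", "D", "E", "F"]


def worse(grade, limit):
    """Return whichever of the two letter grades is worse (implements 'capped to')."""
    return grade if GRADES.index(grade) >= GRADES.index(limit) else limit


def weak_signature(sig_alg):
    """SHA1- or MD5-signed certificates count as weak; the SHA2 family does not."""
    alg = sig_alg.upper()
    return alg.startswith("SHA1") or alg.startswith("MD5")


def assess(details, base_grade="A"):
    """Return (grade, messages) for one endpoint, in the wording SSL Labs uses.

    base_grade stands in for the numeric scoring SSL Labs does first; this
    function only applies the message-driven overrides quoted on the page,
    in the order the Degussa row lists them.
    """
    grade = base_grade
    messages = []

    reneg = details.get("renegSupport", 0)
    if reneg & RENEG_INSECURE_CLIENT:
        messages.append("This server is vulnerable to MITM attacks because it "
                        "supports insecure renegotiation. Grade set to F.")
        grade = "F"

    if details.get("compressionMethods", 0) & COMPRESSION_DEFLATE:
        messages.append("This server does not mitigate the CRIME attack. Grade capped to B.")
        grade = worse(grade, "B")

    if weak_signature(details["cert"]["sigAlg"]):
        messages.append("Certificate uses a weak signature. When renewing, "
                        "ensure you upgrade to SHA2.")
    if any(weak_signature(c["sigAlg"]) for c in details.get("chain", {}).get("certs", [])):
        messages.append("Intermediate certificate has a weak signature. When renewing, "
                        "ensure you upgrade to an all-SHA2 chain.")

    has_tls12 = any(p["name"] == "TLS" and p["version"] == "1.2" for p in details["protocols"])
    if not has_tls12:
        messages.append("The server supports only older protocols, but not the "
                        "current best TLS 1.2. Grade capped to B.")
        grade = worse(grade, "B")

    if not (reneg & RENEG_SECURE):
        messages.append("There is no support for secure renegotiation.")

    if not (details.get("forwardSecrecy", 0) & FS_MODERN_BROWSERS):
        messages.append("The server does not support Forward Secrecy with the reference browsers.")

    if details.get("fallbackScsv"):
        messages.append("This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks.")

    hsts = details.get("hstsPolicy", {})
    if hsts.get("status") == "present" and (hsts.get("maxAge") or 0) >= HSTS_LONG_SECONDS:
        messages.append("This server supports HTTP Strict Transport Security with long duration.")

    return grade, messages


# Constructed sample mirroring the banking.degussa-bank.de row (not real scan output).
DEGUSSA_LIKE = {
    "renegSupport": RENEG_INSECURE_CLIENT,        # insecure reneg on, RFC 5746 absent
    "compressionMethods": COMPRESSION_DEFLATE,     # TLS compression offered -> CRIME
    "protocols": [{"name": "TLS", "version": "1.0"}, {"name": "TLS", "version": "1.1"}],
    "forwardSecrecy": 0,
    "fallbackScsv": False,
    "hstsPolicy": {"status": "absent", "maxAge": None},
    "cert": {"sigAlg": "SHA1withRSA"},
    "chain": {"certs": [{"sigAlg": "SHA256withRSA"}]},
}

# Constructed sample for a well-configured endpoint carrying the two "good" legend messages.
GOOD_LIKE = {
    "renegSupport": RENEG_SECURE,
    "compressionMethods": 0,
    "protocols": [{"name": "TLS", "version": "1.0"}, {"name": "TLS", "version": "1.2"}],
    "forwardSecrecy": FS_MODERN_BROWSERS | 1,
    "fallbackScsv": True,
    "hstsPolicy": {"status": "present", "maxAge": 31536000},
    "cert": {"sigAlg": "SHA256withRSA"},
    "chain": {"certs": [{"sigAlg": "SHA256withRSA"}]},
}

if __name__ == "__main__":
    for name, sample in (("degussa-like", DEGUSSA_LIKE), ("good", GOOD_LIKE)):
        grade, msgs = assess(sample)
        print(name, grade)
        for m in msgs:
            print("  *", m)
```

Run against the Degussa-like sample the function reports F with the same six messages, in the same order, as the row above; the good sample stays at its base grade and only gains the TLS_FALLBACK_SCSV and "HSTS long" messages from the legend. The point worth keeping in mind when reading the table: "capped to B" findings (CRIME, no TLS 1.2) never lift a grade that an earlier "set to F" finding has already fixed, which is why Degussa's row shows F rather than B.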