Mark Dain: So my bank's website is vulnerable to POODLE, doesn't have forward secrecy, doesn't support anything higher than TLS 1.0 and the cert uses SHA1. There has to be some regulation against this, right (SSL Labs says it's "PCI Compliant")? I don't think they're taking this seriously or maybe it's to support XP?
Dongsung Kim: Well, my bank scores a freaking F.
Mark Dain: What horrifies me is this still shows up with a green bar in every browser! This is a perfect example of getting that box ticked for SSL; you deploy it to pass some certification. Browsers need to start rejecting this, else it's just a false sense of security. I guess they already are as browsers are going to ditch SSL 3 and SHA 1 pretty soon.
Eric: Which bank? Or prefer not to say?
Mark Dain: No reason not to say, it was in the SSL Labs link at the end; it's Halifax.