Mark Dain So my bank's website is vulnerable to POODLE, doesn't have forward secrecy, doesn't support anything higher than TLS 1.0 and the cert uses SHA1. There has to be some regulation against this, right (SSL Labs says it's "PCI Compliant")? I don't think they're taking this seriously or maybe it's to support XP? ssllabs.com/ssltes...

Dongsung Kim Well, my bank scores a freaking F. ssllabs.com/ssltes...

Mark Dain What horrifies me is this still shows up with a green bar in every browser! This is a perfect example of getting that box ticked for SSL; you deploy it to pass some certification. Browsers need to start rejecting this, else it's just a false sense of security. I guess they already are as browsers are going to ditch SSL 3 and SHA 1 pretty soon.