Mark Dain So my bank's website is vulnerable to POODLE, doesn't have forward secrecy, doesn't support anything higher than TLS 1.0 and the cert uses SHA1. There has to be some regulation against this, right (SSL Labs says it's "PCI Compliant")? I don't think they're taking this seriously or maybe it's to support XP? ssllabs.com/ssltes...

Eric Which bank? Or prefer not to say?

Mark Dain No reason not to say, it was in the SSL labs link at the end; It's Halifax.