Categories
Linux Misc Networking Software Windows www

Belgian banks & SSL

Tested using SSL Labs on 20/01/2015. Updated version 01/02/2015 here and 15/02/2015 here.

Only providing the weak points. Once there is one SHA1 key in the chain, I will report everything as weak.

Check SSL Labs for a full report, including what they actually did good (if anything).

Grade A

Grade B

  • AXA: weak signature (SHA1), SSL3 (insecure), RC4 (insecure), no Forward Secrecy.
  • beobank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.
  • KBC: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
  • Keytrade Bank: weak signature (SHA1), RC4 (insecure).
  • Crelan: no SSL on main page.
    • internet banking: weak signature (SHA1), SSL3 (insecure), no TLS 1.2, RC4, no Forward Secrecy.

Grade C

Grade D

  • n/a

Grade E

  • n/a

Grade F

  • BNP Paribas Fortis: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
  • bpost bank: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
  • ING: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
  • Argentano SSL on main page.
    • internet banking: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.

Information about SSL Labs grading can be found here. Grade A (+) being the best possible ranking, and F the worst.

PS: none of the domains support IPv6 (while expected, it would have been nice — Belgium has the highest IPv6 adoption rate for end users, but almost no IPv6 websites or businesses).

9 replies on “Belgian banks & SSL”

Leave a Reply...

%d bloggers like this: