Belgian banks & SSL

Tested using SSL Labs on 20/01/2015. Updated version 01/02/2015 here and 15/02/2015 here.

Only providing the weak points. Once there is one SHA1 key in the chain, I will report everything as weak.

Check SSL Labs for a full report, including what they actually did good (if anything).

Grade A

Grade B

  • AXA: weak signature (SHA1), SSL3 (insecure), RC4 (insecure), no Forward Secrecy.
  • beobank: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy.
  • KBC: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
  • Keytrade Bank: weak signature (SHA1), RC4 (insecure).
  • Crelan: no SSL on main page.
    • internet banking: weak signature (SHA1), SSL3 (insecure), no TLS 1.2, RC4, no Forward Secrecy.

Grade C

Grade D

  • n/a

Grade E

  • n/a

Grade F

  • BNP Paribas Fortis: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
  • bpost bank: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
  • ING: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.
  • Argentano SSL on main page.
    • internet banking: vulnerable to POODLE attack, SSL3 (insecure), weak signature (SHA1), RC4 (insecure), no Forward Secrecy.

Information about SSL Labs grading can be found here. Grade A (+) being the best possible ranking, and F the worst.

PS: none of the domains support IPv6 (while expected, it would have been nice — Belgium has the highest IPv6 adoption rate for end users, but almost no IPv6 websites or businesses).

8 comments

  1. […] the current status of SSL certificates used on web properties of Belgian authorities. In January, Yeri Tiete checked the certificates of Belgian banks. About a month later, his blog post was noticed by […]

  2. […] tests were performed through Qualys SSL Labs on 2015-02-16. This was inspired by the overview of Belgian banks by Yeri […]

  3. […] navolging van Belgian banks & SSL, het blogbericht van Yeri Tiete waarin hij de status van de SSL certificaten van de Belgische […]

  4. […] belangrijk is ook om een zogenaamde SLL Server test te doen (die waar onze Belgische banken begin 2015 op faalden). Met dank aan de Stone-IS support is mijn cloudserver voorzien van de nodige updates, zodat ik nu […]

Leave a Reply...