Belgian banks & SSL — part 5

Minor end of year update. No big SSL exploits have been released since (bar DH, see below).

Once again, this is testing the public websites I can access. There might be other gateways, APIs, etc. that are not (as) secure.

It’s worth noting that some banks are serious about security and fixing their SSL. Most improved their rating and solved all issues (especially getting rid of SHA1 in the chain). However, a couple dropped from B to C (see below). But… No more F’s. 🙂

The noteworthy changers:

  • Hello Bank! went from A to B due to weak DH,
  • Triodos lost their Forward Secrecy,
  • Optima went from F to A(-) (and a bunch of others from B to A, and higher),
  • A bunch went from B to C due to SSLLabs being more severe (see below). Most did solve some of their issues,
  • BKCP is doing a lot wrong.

Edit: Tested wrong AXA domain; updated to A+.

Update 11 Jan 2016: ABK & BvB updated to A.

Note that not supporting TLS 1.2 or supporting RC4 capped sites at grade B about a year ago; it now caps them at grade C (i.e. SSLLabs has become more severe).

Grade A

Grade B

Grade C

  • PSA Bank: weak signature (SHA1), no TLS 1.2, no Forward Secrecy.
  • beobank: weak DH, no TLS 1.2, RC4 (insecure), no Forward Secrecy, no secure renegotiation.
  • BKCP: weak signature (SHA1), no TLS 1.2, RC4 (insecure), no Forward Secrecy, weak DH.

Grade D

  • n/a

Grade E

  • n/a

Grade F

  • n/a


Comments

5 responses to “Belgian banks & SSL — part 5”

  1. Michel

    Bank Van Breda and ABK Bank updated their systems as they have grade A now.

      1. Michel

        We changed over to a new URL: https://secure.bankvanbreda.be

        1. Yeri Tiete

          Ok, updated. Thanks!

  2. Nzall

    Europabank.be is scannable again, contrary to when you last scanned (4, I think it was). They currently get a C rating on both their servers.
