Mick wrote: > On Saturday 19 Apr 2014 16:29:34 Dale wrote: > >> How does one find out what their bank uses? I'd like to check on what >> mine uses. I have Seamonkey and Firefox installed here IF it matters. > > Some banks have reverted to RC4 to protect against TLS v1.0 attacks from the > BEAST. > > I don't think that FF shows the algos used for key exchange and encryption in > enough detail. You can see them if you use Chromium and click on the green > padlock. > > I use openssl s_client, e.g.: > > openssl s_client -connect www.wellsfargo.com:443 > > and look for this info: > > New, TLSv1/SSLv3, Cipher is RC4-SHA > Server public key is 2048 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > SSL-Session: > Protocol : TLSv1 > Cipher : RC4-SHA >
I have this little padlock looking thing too. I dug around and found this info: CN = VeriSign Class 3 Extended Validation SSL SGC CA OU = Terms of use at https://www.verisign.com/rpa (c)06 OU = VeriSign Trust Network O = "VeriSign, Inc." C = US PKCS #1 RSA Encryption There is another place with info but it doesn't allow me to highlight it so that I can copy and paste. Hmmmmmm. Anyway, is that reasonable for a bank to use? In case you haven't noticed, I'm not a wealth of info on encryption, just rich in questions. I just know that it is supposed to make things unreadable without a password, pass key or whatever. This is currently my bank. http://cadencebank.com/ Since they changed to a card that a lot of stores don't take, that could be changing real soon. Dale :-) :-) -- I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
