Mick wrote:
> On Saturday 19 Apr 2014 16:29:34 Dale wrote:
>
>> How does one find out what their bank uses?  I'd like to check on what
>> mine uses.  I have Seamonkey and Firefox installed here IF it matters.
>
> Some banks have reverted to RC4 to protect against TLS v1.0 attacks
from the
> BEAST.
>
> I don't think that FF shows the algos used for key exchange and
encryption in
> enough detail.  You can see them if you use Chromium and click on the
green
> padlock.
>
> I use openssl s_client, e.g.:
>
> openssl s_client -connect www.wellsfargo.com:443
>
> and look for this info:
>
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : RC4-SHA
>


I have this little padlock looking thing too.  I dug around and found
this info:

CN = VeriSign Class 3 Extended Validation SSL SGC CA
OU = Terms of use at https://www.verisign.com/rpa (c)06
OU = VeriSign Trust Network
O = "VeriSign, Inc."
C = US

PKCS #1 RSA Encryption

There is another place with info but it doesn't allow me to highlight it
so that I can copy and paste.  Hmmmmmm.

Anyway, is that reasonable for a bank to use?  In case you haven't
noticed, I'm not a wealth of info on encryption, just rich in
questions.  I just know that it is supposed to make things unreadable
without a password, pass key or whatever.

This is currently my bank.

http://cadencebank.com/

Since they changed to a card that a lot of stores don't take, that could
be changing real soon.

Dale

:-)  :-)

-- 
I am only responsible for what I said ... Not for what you understood or
how you interpreted my words!