From: Dale
Date: Sat, 19 Apr 2014 13:41:02 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Heartbleed fix - question re: replacing self-signed certs with real ones
Message-ID: <5352C33E.7070802@gmail.com>

Mick wrote:
> On Saturday 19 Apr 2014 16:29:34 Dale wrote:
>
>> How does one find out what their bank uses?  I'd like to check on what
>> mine uses.  I have Seamonkey and Firefox installed here IF it matters.
>
> Some banks have reverted to RC4 to protect against TLS v1.0 attacks from the
> BEAST.
>
> I don't think that FF shows the algos used for key exchange and encryption in
> enough detail.  You can see them if you use Chromium and click on the green
> padlock.
>
> I use openssl s_client, e.g.:
>
> openssl s_client -connect www.wellsfargo.com:443
>
> and look for this info:
>
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : RC4-SHA
>



I have this little padlock looking thing too.  I dug around and found this info:

CN = VeriSign Class 3 Extended Validation SSL SGC CA
OU = Terms of use at https://www.verisign.com/rpa (c)06
OU = VeriSign Trust Network
O = "VeriSign, Inc."
C = US

PKCS #1 RSA Encryption

There is another place with info but it doesn't allow me to highlight it so that I can copy and paste.  Hmmmmmm.

Anyway, is that reasonable for a bank to use?  In case you haven't noticed, I'm not a wealth of info on encryption, just rich in questions.  I just know that it is supposed to make things unreadable without a password, pass key or whatever.

This is currently my bank.

http://cadencebank.com/

Since they changed to a card that a lot of stores don't take, that could be changing real soon.

Dale

:-)  :-)

--
I am only responsible for what I said ... Not for what you understood or how you interpreted my words!
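
Added example, not part of the original message: a shell function that reads `openssl s_client` output and pulls out the fields Mick says to look for, flagging RC4 (prohibited by RFC 7465), TLS 1.0/1.1 (deprecated by RFC 8996), missing secure renegotiation and keys under 2048 bits. The function names, the thresholds and the `HOST` placeholder are assumptions; the sample input is the output quoted in the message.

```shell
#!/bin/sh
# Live use (HOST is the site being checked):
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | check_tls_summary

# Reads s_client output on stdin, prints one summary line plus one WARN line
# per weak setting; exit status is 1 when anything was flagged.
check_tls_summary() {
    awk '
        /^ *Protocol *:/           { proto  = $NF }
        /^ *Cipher *:/             { cipher = $NF }
        /^Server public key is/    { bits   = $5 }
        /^Secure Renegotiation IS/ { reneg  = ($4 == "NOT") ? "no" : "yes" }
        END {
            printf "protocol=%s cipher=%s key_bits=%s secure_reneg=%s\n",
                   proto, cipher, bits, reneg
            if (proto == "") { print "WARN: no SSL-Session block found"; bad = 1 }
            if (cipher ~ /RC4/) { print "WARN: RC4 negotiated"; bad = 1 }
            if (proto ~ /^(SSLv[23]|TLSv1(\.1)?)$/) {
                print "WARN: legacy protocol " proto; bad = 1
            }
            # TLS 1.3 has no renegotiation, so the line is not a finding there.
            if (reneg == "no" && proto != "TLSv1.3") {
                print "WARN: secure renegotiation not supported"; bad = 1
            }
            if (bits != "" && bits + 0 < 2048) {
                print "WARN: server key is only " bits " bits"; bad = 1
            }
            exit bad + 0
        }
    '
}

# Sample input: the s_client lines quoted in the message above.
sample_output() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
EOF
}

sample_output | check_tls_summary || true
```

The protocol and cipher are read from the `SSL-Session:` block rather than the `New, TLSv1/SSLv3, ...` line, because that first line does not name the negotiated protocol version.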
