Reply to post:

Does UK high street banks' crappy crypto actually matter?

Alister Silver badge

@Iglethal.

No, that's not the case, the article is rather disingenuous about the report.

If you run a report yourself on HSBC for instance:

https://www.ssllabs.com/ssltest/analyze.html?d=www.security.hsbc.co.uk&hideResults=on

You can see that they do support the latest SSL ciphers (ECDHE_RSA) but that they also support various ciphers which are now considered to be weak.

What Scott Helme is claiming - that they don't implement HSTS headers - is NOT a major issue despite his claims, all that the HSTS header does is to tell the browser to always use HTTPS to connect to the site, but it doesn't specify the ciphers to be used on the connection, and most if not all the bank sites will only accept connections over HTTPS anyway.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019