Reply to post: Cipher Selection

Does UK high street banks' crappy crypto actually matter?

Cipher Selection

@Alister mentioned the SSL report from Qualys SSL Labs for HSBC. It does cause concern to see a "B" rating, and inclusion of the TLS_RSA_WITH_RC4_128_SHA (0x5) cipher which is insecure.

I would be mortified to get a B rating. I have always looked at the Twitter and Google reports to see what their cipher selections are like and configured my servers to a similar spec. There are a couple of "weak" ciphers to fall back on but this is still acceptable and they are at the bottom of the list.

But HSBC using an Insecure Cipher - surely that is unforgivable?

And why aren’t they using Perfect Forward Secrecy?
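
The checks raised in this comment (an RC4 suite on offer, weak suites kept at the bottom of the list, and forward secrecy), written as an added Python example that is not part of the original comment. The suite list is a constructed sample, not HSBC's actual configuration, and the insecure/weak token lists are this example's assumptions.

```python
# Added example: audit a cipher-suite preference list given as IANA names.
# Scope: TLS 1.2-and-earlier names of the form TLS_<kx>_WITH_<cipher>_<mac>.
# The INSECURE/WEAK token lists are assumptions made for this example.
INSECURE = ("RC4", "NULL", "EXPORT", "anon")
WEAK = ("3DES",)

# Constructed sample: a server's suites in its order of preference.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]

def parse_suite(name):
    """Return (key_exchange, cipher_and_mac) for one suite name."""
    body = name[4:] if name.startswith("TLS_") else name
    kx, sep, cipher = body.partition("_WITH_")
    if not sep:
        raise ValueError("unsupported suite name: " + name)
    return kx, cipher

def grade(name):
    kx, cipher = parse_suite(name)
    if any(t in kx or t in cipher for t in INSECURE):
        return "insecure"
    if any(t in cipher for t in WEAK):
        return "weak"
    return "ok"

def has_forward_secrecy(name):
    # Only ephemeral (EC)DHE key exchange gives forward secrecy;
    # static RSA, DH and ECDH key exchange does not.
    return parse_suite(name)[0].startswith(("ECDHE", "DHE"))

def audit(order):
    grades = [grade(n) for n in order]
    last_ok = max((i for i, g in enumerate(grades) if g == "ok"), default=-1)
    return {
        "insecure": [n for n, g in zip(order, grades) if g == "insecure"],
        "weak": [n for n, g in zip(order, grades) if g == "weak"],
        "no_forward_secrecy": [n for n in order if not has_forward_secrecy(n)],
        # Fallback suites belong at the bottom: flag any that outrank an ok suite.
        "misordered": [n for i, n in enumerate(order)
                       if grades[i] != "ok" and i < last_ok],
    }

if __name__ == "__main__":
    for key, names in audit(SAMPLE).items():
        print(key, names)
```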
