In need of something better to do, I thought I would see if any of the Danish Banks have improved their SSL/TLS since last summer. Back then, we saw that the so called “bank grade”-security was generally not that good (at least in terms of SSL/TLS). The results were pretty much consistent with the rest of the world, which was kinda sad. But now we are in 2016, so let us see how the banks fare today.
I have tested all the banks I tested last time, as well as the ones Jamie Magee tested and I did not.
|Bank||Grade||Supports SSL 3||Supports SHA1||No TLS 1.2||Supports RC4||Forward Secrecy||POODLE|
|Lån & Spar Bank||A-||Pass||Pass||Pass||Pass||Fail||Pass|
- *Intermediate certificate still supports SHA1
- **Only SSLv3 vulnerable to POODLE, not TLS
Wow. What an improvement. Back in May, only one bank got an A- and it was the only one to get higher than a B. Now only two banks get less than an A- and there even is one getting an A+. Good job to the teams who have taken action to improve their security and kudos to Jutlander Bank for being the only bank in Denmark (I know about) with an A+ rating.