I tested their server using http://ift.tt/VQjgNS and, apart from the disappointing "B" rating (it handles financial transactions, after all), the server only allows the following 2 RC4 cipher suites, both of which are considered weak:
TLS_RSA_WITH_RC4_128_MD5 (0x4) WEAK 128
TLS_RSA_WITH_RC4_128_SHA (0x5) WEAK 128
I disabled these cipher suites in my browser (Google Chrome) some time ago, so the transaction fails, but honestly I don't want to re-enable them if they are considered vulnerable. Should I make an exception for this particular case and temporarily re-enable the ciphers, or should I insist they offer a stronger cipher suite? What do you think?