[AusNOG] AU Major Banks and SHA-1
Nick Savvides
Nick_Savvides at symantec.com
Fri Jun 26 12:30:29 EST 2015
I actually presented a webinar (damn I hate that word) yesterday talking about SHA1 migration and gTLD issues for certificates. A recording is up on BrightTalk https://www.brighttalk.com/webcast/10589/154561
Everyone should be moving to SHA256 but the UI degradation only displays for certs with that are SHA1 and valid after 01-JAN-16.
This leaves a fairly big window to change out certs. Anyone with Symantec, certs that are SHA1 and valid after 01-JAN-16 can replace them for free with SHA2 certs.
TLS 1.0 needs to go. Yesterday.
Nick.
-------------------------------------------------------
Nick Savvides, Senior Principal Systems Engineer (Security)
nick_savvides at symantec.com<mailto:nick_savvides at symantec.com>, Mobile: +61 434 600 870
From: Matthew Moyle-Croft <mmc at mmc.com.au<mailto:mmc at mmc.com.au>>
Date: Friday, 26 June 2015 08:14
To: "ausnog at ausnog.net<mailto:ausnog at ausnog.net>" <ausnog at ausnog.net<mailto:ausnog at ausnog.net>>
Subject: [AusNOG] AU Major Banks and SHA-1
We've all been distracted by the large scale crazy of site blocking, meta data retention and whatever else the Australian Government is doing.
But need to focus on some basics:
SHA-1 is on it's way out (see http://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html).
Friend got a warning for his bank (not Australian) from Chrome about bad SSL configs, so I went and had a quick look at the big 4 banks in Australia to see what's up.
Commbank - got it right - no SHA-1 for home page or Internet Banking, no TLS 1.0
ANZ - no SSL on home page, TLS 1.0 and SHA-1 for internet banking (oh boy!)
NAB - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
Westpac - no SSL on home page, TLS 1.2 and SHA-1 for internet banking
Anyone here who can influence good internet crypto for the 3 that aren't quite there?
MMC
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150625/b1479c25/attachment.html>
More information about the AusNOG
mailing list