
citi bank is blocking SSL testing

Question asked by Paco Hidalgo on Jun 21, 2016
Latest reply on Feb 6, 2017 by Paco Hidalgo

I have been using the online SSL Server Test for some time and I find it the best tool for assessing the health of a site's SSL configuration. I just tried it on https://online.citi.com, online.citi.com, and citi.com, and I got the message

The owner of this site requested that we do not test it (more info)

for the last two and got redirected to Sign On- Citibank for the first one. I find this most disturbing since we are talking about a major mega-bank whose online servers we have to trust, and who is blocking us from getting an assessment of how secure their servers are. And you are redirecting us to their servers in the first case. Why would you do that?

Using ssllabs-scan, I got

Assessment failed: https://online.citi.com (Hostname blacklisted)

Using other tools I did find:

  • Medium grade encryption
  • Triple DES Ciphers
  • Secure Client-Initiated Renegotiation

that all raised 'red flags', so I assume this would downgrade their score on your test.

I have found other banks' sites that had less than A+ ratings and I think that is despicable for a bank.
