Cahoot

Igor Mozolevsky mozolevsky at gmail.com
Wed May 6 17:59:08 BST 2015


Francis,


On 6 May 2015 at 17:41, Francis Davey <fjmd1a at gmail.com> wrote:

> If I navigate to https://www.cahoot.com, Chrome seems less than happy. It
> complains about the cryptographic technology being obsolete and also that
> the site does not possess a public key certificate (if I am interpreting
> correctly). The icon it displays suggests a fairly qualified acceptance of
> the site.
>

www.cahoot.com:443 sends:


depth=2 /O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=ES/ST=Santander/L=Santander/O=GRUPO SANTANDER/OU=DIVISION UK/CN=
www.cahoot.com
   i:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
 1 s:/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
 2 s:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
   i:/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
---
Server certificate
subject=/C=ES/ST=Santander/L=Santander/O=GRUPO SANTANDER/OU=DIVISION UK/CN=
www.cahoot.com
issuer=/C=US/O=Entrust, Inc./OU=www.entrust.net/rpa is incorporated by
reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C
---
No client certificate CA names sent
---
SSL handshake has read 3814 bytes and written 440 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Session-ID:
6F25ED1BBB26096C29E4E76A281B5799033ADF5B75B4B6540D27979740C8D434
    Session-ID-ctx:
    Master-Key:
EEFB43D5A0340356DAA0EBA78E8BE2730D047FF9AA64ECDF8717363DA8646207AE0F5B7674CD0F70BBAA0807A0B13A52
    Key-Arg   : None
    Start Time: 1430930711
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---


I suspect the complaint is about the use of RC4-MD5; in contrast, NatWest
use AES128-SHA (just checked). FYI, Cisco downgraded RC4 to "avoid" some
time toward the end of 2013 [1].


1. http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html


-- 
Igor M.
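
An added example, not part of the message above and not OpenSSL's own code: a small Python check that reads `openssl s_client` text output like the session quoted above and lists the negotiated settings a browser is likely to object to. The weak-token and old-protocol sets are an assumed policy for illustration, and `parse_session` and `audit` are hypothetical names.

```python
import re

# Fields from the s_client output quoted in the message above.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is RC4-MD5
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-MD5
    Verify return code: 0 (ok)
"""

# Assumed policy for this example (not a standard).
WEAK_TOKENS = {"RC4", "MD5", "DES", "NULL", "EXP"}
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

PATTERNS = {
    "protocol": r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)",
    "cipher": r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)",
    "reneg": r"^Secure Renegotiation (IS NOT|IS) supported",
    "verify": r"^[ \t]*Verify return code:[ \t]*(\d+)",
}


def parse_session(text):
    """Pull the negotiated parameters out of s_client text output."""
    found = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        found[name] = m.group(1) if m else None
    return found


def audit(text):
    """Return findings for one captured handshake, in a fixed order."""
    s = parse_session(text)
    findings = []
    if s["protocol"] in OLD_PROTOCOLS:
        findings.append("outdated protocol " + s["protocol"])
    # OpenSSL cipher names are dash-separated, e.g. RC4-MD5 or AES128-SHA.
    weak = sorted(WEAK_TOKENS & set((s["cipher"] or "").split("-")))
    if weak:
        findings.append("weak cipher %s (%s)" % (s["cipher"], ", ".join(weak)))
    if s["reneg"] == "IS NOT":
        findings.append("secure renegotiation not supported")
    if s["verify"] not in (None, "0"):
        findings.append("chain verification failed, code " + s["verify"])
    return findings
```

Calling `audit(SAMPLE)` returns one finding each for the protocol, the cipher and the missing secure renegotiation; a missing field is skipped rather than reported.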