<div dir="ltr">Francis,<div><br><div class="gmail_extra"><br><div class="gmail_quote">On 6 May 2015 at 17:41, Francis Davey <span dir="ltr"><<a href="mailto:fjmd1a@gmail.com" target="_blank">fjmd1a@gmail.com</a>></span> wrote:</div><div class="gmail_quote"><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr"><div>If I navigate to <a href="https://www.cahoot.com" target="_blank">https://www.cahoot.com</a>, Chrome seems less than happy. It complains about the cryptographic technology being obsolete and also that the site does not possess a public key certificate (if I am interpreting correctly). The icon it displays suggests a fairly qualified acceptance of the site.</div></div></blockquote><div><br></div><div><a href="http://www.cahoot.com:443">www.cahoot.com:443</a> sends:</div><div><br></div><div><br></div><div><div>depth=2 /O=Entrust.net/OU=<a href="http://www.entrust.net/CPS_2048">www.entrust.net/CPS_2048</a> incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)</div><div>verify error:num=19:self signed certificate in certificate chain</div><div>verify return:0</div><div>---</div><div>Certificate chain</div><div> 0 s:/C=ES/ST=Santander/L=Santander/O=GRUPO SANTANDER/OU=DIVISION UK/CN=<a href="http://www.cahoot.com">www.cahoot.com</a></div><div>   i:/C=US/O=Entrust, Inc./OU=<a href="http://www.entrust.net/rpa">www.entrust.net/rpa</a> is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C</div><div> 1 s:/C=US/O=Entrust, Inc./OU=<a href="http://www.entrust.net/rpa">www.entrust.net/rpa</a> is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C</div><div>   i:/O=Entrust.net/OU=<a href="http://www.entrust.net/CPS_2048">www.entrust.net/CPS_2048</a> incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)</div><div> 2 s:/O=Entrust.net/OU=<a href="http://www.entrust.net/CPS_2048">www.entrust.net/CPS_2048</a> incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)</div><div>   i:/O=Entrust.net/OU=<a href="http://www.entrust.net/CPS_2048">www.entrust.net/CPS_2048</a> incorp. by ref. (limits liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification Authority (2048)</div><div>---</div><div>Server certificate</div><div>-----BEGIN CERTIFICATE-----</div><div>MIIFIzCCBAugAwIBAgIETCOu1jANBgkqhkiG9w0BAQUFADCBsTELMAkGA1UEBhMC</div><div>VVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xOTA3BgNVBAsTMHd3dy5lbnRydXN0</div><div>Lm5ldC9ycGEgaXMgaW5jb3Jwb3JhdGVkIGJ5IHJlZmVyZW5jZTEfMB0GA1UECxMW</div><div>KGMpIDIwMDkgRW50cnVzdCwgSW5jLjEuMCwGA1UEAxMlRW50cnVzdCBDZXJ0aWZp</div><div>Y2F0aW9uIEF1dGhvcml0eSAtIEwxQzAeFw0xNDA3MjIwOTA0MjBaFw0xNTA3MjMw</div><div>MDE3MjlaMH4xCzAJBgNVBAYTAkVTMRIwEAYDVQQIEwlTYW50YW5kZXIxEjAQBgNV</div><div>BAcTCVNhbnRhbmRlcjEYMBYGA1UEChMPR1JVUE8gU0FOVEFOREVSMRQwEgYDVQQL</div><div>EwtESVZJU0lPTiBVSzEXMBUGA1UEAxMOd3d3LmNhaG9vdC5jb20wggEiMA0GCSqG</div><div>SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCZNBe1nrJBJ5Zy3WIo/WXVbwLkCABx1C09</div><div>YKQ/wmCEOKE0p/qKzQK15PehNxosS6Y6i7K5fY579g9s7FIRSoeQGlySXhyJ/9k6</div><div>UC/jI+7YgX+zMrscLugIBzcM/vledApo8ngudI+wBlQ1DZjwJAMdB4SPfRLu1YoJ</div><div>YohSZCmVIud6IjDEweaV+t/52AVFb6PItR9owezG7EH7fC0lq7jpb7OFaA8Uixn+</div><div>B9eLPscT76xeofy676yWKQswl7o0dDX7cWsJBOvy66+eL7PieOmCSazfYKVXtu24</div><div>xGMV+99NMI8dWwt7VzS2pYJT4ZF8Y3GwJAKghX0pRKp+OJRwwLXNAgMBAAGjggFz</div><div>MIIBbzALBgNVHQ8EBAMCBaAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwMwYDVR0fBCww</div><div>KjAooCagJIYiaHR0cDovL2NybC5lbnRydXN0Lm5ldC9sZXZlbDFjLmNybDBkBggr</div><div>BgEFBQcBAQRYMFYwIwYIKwYBBQUHMAGGF2h0dHA6Ly9vY3NwLmVudHJ1c3QubmV0</div><div>MC8GCCsGAQUFBzAChiNodHRwOi8vYWlhLmVudHJ1c3QubmV0LzIwNDgtbDFjLmNl</div><div>cjBKBgNVHSAEQzBBMDUGCSqGSIb2fQdLAjAoMCYGCCsGAQUFBwIBFhpodHRwOi8v</div><div>d3d3LmVudHJ1c3QubmV0L3JwYTAIBgZngQwBAgIwGQYDVR0RBBIwEIIOd3d3LmNh</div><div>aG9vdC5jb20wHwYDVR0jBBgwFoAUHvGriQb4SQ8BM3fuFHruGXyTKE0wHQYDVR0O</div><div>BBYEFEQWznuvLSeX1IdjqdcS8ixaICgAMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQEF</div><div>BQADggEBAAaIGyyusMrUHrB6/muf0ToAj9ZbVJi5w/TnkwNg2eGH5CYZQxyb2Xwc</div><div>kcwG+fQ1HmOGrMWxVzDCLypdsIoUbr+RPv/4odGuANtx9hTX0F71jA/KswAOC8VD</div><div>rYSb2gf1TkUCKWK5SpmKhaFfqxsbHuxiTT9fr1xZiS5EQsGsU0QJTJRldwHOfQZg</div><div>/zHNkNy1d3v3c6ntwpju4IOYtXuLmBWo2FeIzoVUHG69/gInHOg2k+X0ZZ6AarS+</div><div>zlg1Dp0d/LWCRjfh65FaH2saRB1y8Y4uO2Twe2+GLqr0170UTmDXhlH80U1tI6HJ</div><div>4RBrwsHdTXoWxEhTy7xZC1Yl1sXD9i0=</div><div>-----END CERTIFICATE-----</div><div>subject=/C=ES/ST=Santander/L=Santander/O=GRUPO SANTANDER/OU=DIVISION UK/CN=<a href="http://www.cahoot.com">www.cahoot.com</a></div><div>issuer=/C=US/O=Entrust, Inc./OU=<a href="http://www.entrust.net/rpa">www.entrust.net/rpa</a> is incorporated by reference/OU=(c) 2009 Entrust, Inc./CN=Entrust Certification Authority - L1C</div><div>---</div><div>No client certificate CA names sent</div><div>---</div><div>SSL handshake has read 3814 bytes and written 440 bytes</div><div>---</div><div>New, TLSv1/SSLv3, Cipher is RC4-MD5</div><div>Server public key is 2048 bit</div><div>Secure Renegotiation IS NOT supported</div><div>Compression: NONE</div><div>Expansion: NONE</div><div>SSL-Session:</div><div>    Protocol  : TLSv1</div><div>    Cipher    : RC4-MD5</div><div>    Session-ID: 6F25ED1BBB26096C29E4E76A281B5799033ADF5B75B4B6540D27979740C8D434</div><div>    Session-ID-ctx: </div><div>    Master-Key: EEFB43D5A0340356DAA0EBA78E8BE2730D047FF9AA64ECDF8717363DA8646207AE0F5B7674CD0F70BBAA0807A0B13A52</div><div>    Key-Arg   : None</div><div>    Start Time: 1430930711</div><div>    Timeout   : 300 (sec)</div><div>    Verify return code: 0 (ok)</div><div>---</div></div><div><br></div><div><br></div><div>I suspect the complaint is about the use of RC4-MD5; in contrast, NatWest use AES128-SHA (just checked). FYI, Cisco downgraded RC4 to "avoid" some time toward the end of 2013 [1].</div><div><br></div><div><br></div><div>1. <a href="http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html">http://www.cisco.com/web/about/security/intelligence/nextgen_crypto.html</a></div><div><br></div><div><br></div><div>-- </div><div>Igor M.</div></div></div></div></div>