This is just here to explain clearly to Nationwide what is wrong with their SSL on the domain olb2.nationet.com
If you visit this site in Firefox 37.0.2, you are shown this warning:
The SSL handshake is failing. Firefox isn’t very descriptive here (should they be?).
The reason the SSL handshake is failing is because Nationwide’s server does not support a cipher which Firefox calls secure. Mozilla pulled support for a number of known insecure or weak ciphers last year, one of which is TLS_RSA_WITH_RC4_128_MD5. However, this is the most secure cipher the olb2.nationet.com site supports.
Qualys’ SSL Labs shows that the security here is poor, with the vast majority of properly configured, modern browsers failing to handshake with the server:
In addition to this, there are other issues that mean that they get a grade F – not good enough for a bank.
The issue here is not an out-of-date browser. It is an out-of-date server.
Mark
February 12, 2016 at 5:18pmFebruary 2016: Nationwide’s online banking website still scores grade F https://www.ssllabs.com/ssltest/analyze.html?d=onlinebanking.nationwide.co.uk