Below information has been updated. Please refer to the latest write up.
California DMV uses convergepay for credit card processing. I just ran a check of that site on SSL Labs to check the certificate and security and the grade was a C.
- This server is vulnerable to the POODLE attack.
- There is no support for secure renegotiation
- This server does not support Forward Secrecy with the reference browsers.
- Server support weak cipher suites
- Certificate is not a extended Validation Cert.
- Server still support SSL3. SSL3 was first introduced in 1996. SSL3 was prohibited in June 2015 by RFC 7568.