California DMV

Below information has been updated.  Please refer to the latest write up.

California DMV uses convergepay for credit card processing.  I just ran a check of that site on SSL Labs to check the certificate and security and the grade was a C.

  • This server is vulnerable to the POODLE attack.
  • There is no support for secure renegotiation
  • This server does not support Forward Secrecy with the reference browsers.
  • Server support weak cipher suites
  • Certificate is not a extended Validation Cert.
  • Server still support SSL3.  SSL3 was first introduced in 1996.  SSL3 was prohibited in June 2015 by RFC 7568.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s