https://www.btwholesale.com/portalzone/login/forceLoadLogin.do
http://www.dslchecker.bt.com/adsl/adslchecker.welcome
Yeah, the wholesale site is using a good CERT, shown below:
[Connection]
Protocol: TLS 1.2
Key Exchange: ECDHE_RSA
Key Exchange Group: P-256
Cipher: AES_128_GCM
Signature hash algorithm: sha256
<-- This was the main issue on the dslchecker site where it was SHA1.
Public Key: RSA (2048 Bits)
So all good there.
The security of the server is rated as B because of the following:
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B.
MORE INFO »
This server accepts RC4 cipher, but only with older browsers. Grade capped to B.
MORE INFO »
RC4 on that server needs resolving, Cipher Suites needs tweaking along with some minor stuff, but apart from that the server isn't that bad.
So if they resolved the RC4 issue and the minor tweaks that server would be rated A.
Now would I use that server, I probably would, but I would disable all the non secure Cipher client side (if I haven't already) that would force them to use another one you and the server have available.
Paul
BTBroadband - Infinity 4 - 310Mbps (down), 31Mbps (up)
TBB Speedtest