I did an interesting little experiment today. I read about banking sites offering weak cipher suites by default (i.e. in their ordering of possible SSL cipher suites, they have weaker suites listed first), even if the browser in question supports a stronger cipher. So I used Qualys SSL Labs’ testing tool to test three South African Internet Banking websites’ SSL configurations. I was pleased to find that my bank (Nedbank) is generally okay, but shocked (and not very surprised) to find that ABSA, a subsidiary of Barclays, the large international British bank, has an insecure SSL configuration on its internet banking server. You can perform these tests (and get a lot of detail) on any publicly accessible site at this URL: https://www.ssllabs.com/ssltest/. You can also test your browser here: https://www.ssllabs.com/ssltest/viewMyClient.html.
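To make the ordering problem concrete, here is a small added example (not part of the original post and not taken from SSL Labs) that models server-preference suite selection and flags a list where weak suites sit ahead of strong ones. The function names and both sample lists are constructed for illustration and are not scan results for any of the banks mentioned.

```python
# Added illustration. Suite lists below are constructed, not real scan output.
WEAK_MARKERS = ("_RC4_", "_3DES_", "_DES_", "_EXPORT_", "_NULL_", "_anon_")

def is_weak(suite):
    """True if an IANA suite name uses RC4, DES/3DES, export, NULL or anonymous kx."""
    return any(marker in suite for marker in WEAK_MARKERS)

def negotiate(server_order, client_offer):
    """Server-preference selection: first suite in the server's list the client offers."""
    offered = set(client_offer)
    return next((s for s in server_order if s in offered), None)

def audit(server_order, client_offer):
    """Report the negotiated suite and whether the server's ordering caused a downgrade."""
    chosen = negotiate(server_order, client_offer)
    strong_idx = [i for i, s in enumerate(server_order) if not is_weak(s)]
    last_strong = strong_idx[-1] if strong_idx else -1
    shared_strong = [s for s in server_order
                     if s in client_offer and not is_weak(s)]
    return {
        "negotiated": chosen,
        # Weak suites the server ranks above at least one strong suite.
        "weak_before_strong": [s for i, s in enumerate(server_order)
                               if is_weak(s) and i < last_strong],
        # Weak suite chosen although both sides support a strong one.
        "downgraded": chosen is not None and is_weak(chosen) and bool(shared_strong),
        "better_shared_suite": shared_strong[0] if shared_strong else None,
    }

# Constructed server preference lists: same suites, opposite ordering.
SAMPLE_WEAK_FIRST = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
SAMPLE_STRONG_FIRST = list(reversed(SAMPLE_WEAK_FIRST))
# Constructed client offer: supports strong suites, keeps RC4 for compatibility.
SAMPLE_CLIENT = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
]

if __name__ == "__main__":
    for label, order in (("weak first", SAMPLE_WEAK_FIRST),
                         ("strong first", SAMPLE_STRONG_FIRST)):
        print(label, audit(order, SAMPLE_CLIENT))
```

The same client ends up on RC4 with the weak-first list and on AES-GCM with the strong-first list, which is the gap between a server that merely supports strong suites and one that prefers them.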
Here are the results for ABSA, Nedbank and Standard Bank’s internet banking sites: