online banking with BB&T

John Ralls jralls at ceridwen.us
Mon Apr 13 23:22:12 EDT 2015


> On Apr 13, 2015, at 11:58 AM, Chris Hoefler <hoeflerb at gmail.com> wrote:
> 
> Hi,
> 
> I'm trying to use OFXDirectConnect to download transaction data from BB&T.
> When I set up the account through Tools|Online Banking Setup, I follow the
> wizard prompts until it tries to make an initial handshake with the server.
> It stops with this error message,
> 
> 11:45:24 Retrieving SSL certificate
> 11:45:24 Connecting to server...
> 11:45:24 Using old SSL preparation code.
> 11:45:24 TLS Handshake Error: -12 (A TLS fatal alert has been received.)
> 11:45:25 Retrying to connect (SSLv3)
> 11:45:25 Using old SSL preparation code.
> 11:45:25 TLS Handshake Error: -12 (A TLS fatal alert has been received.)
> 11:45:25 Could not connect to server
> 11:45:25 Could not connect to server, giving up (-66)
> 11:45:25 Operation finished, you can now close this window.
> 
> The ssldump output tells me that this is a protocol version problem,
> 
> New TCP connection #14: *** <-> eftx.bbt.com(443)
> 14 1  0.1925 (0.1925)  C>S  Handshake
>      ClientHello
>        Version 3.0
>        cipher suites
>        SSL_DHE_RSA_WITH_AES_128_CBC_SHA
>        SSL_DHE_RSA_WITH_AES_256_CBC_SHA
>        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>        SSL_DHE_DSS_WITH_AES_128_CBC_SHA
>        SSL_DHE_DSS_WITH_AES_256_CBC_SHA
>        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>        SSL_RSA_WITH_AES_128_CBC_SHA
>        SSL_RSA_WITH_AES_256_CBC_SHA
>        SSL_RSA_WITH_3DES_EDE_CBC_SHA
>        SSL_RSA_WITH_RC4_128_SHA
>        SSL_RSA_WITH_RC4_128_MD5
>        Unknown value 0xff
>        compression methods
>                  NULL
> 14 2  0.2444 (0.0518)  S>C  Alert
>    level           fatal
>    value           protocol_version
> 
> The BB&T server doesn't support TLS 1.1 or 1.2, so this might be causing
> the problem. Any known solutions? Or, does anybody have BB&T working for
> them? Here is some SSL info from ssllabs,
> 
> https://www.ssllabs.com/ssltest/analyze.html?d=eftx.bbt.com
> 
> I am using GnuCash 2.6.6 with libaqbanking 5.3.5beta-2 and libaqofxconnect
> on Ubuntu 14.04.

The SSL Labs probe shows that BB&T supports TLS 1.0 only. https://www.openssl.org/docs/ssl/SSL_CONF_cmd.html includes -no_tls_1, which disables TLS-1.0. You could look for that in your SSL config and unset it if you find it, but it would probably be wiser to not use OFXConnect with a bank that is so clueless about security. Were I in your position I'd find a different bank; if they're willing to be 9 years out of date (http://en.wikipedia.org/wiki/Transport_Layer_Security) on OFXConnect security it's unlikely that they take any other kind of security seriously either.

Regards,
John Ralls
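
The ssldump trace quoted above, decoded at the record level, as an added example that is not part of the original thread. On the wire, version 3.0 is SSL 3.0 and TLS 1.0 is 3.1, so the check pairs the version the ClientHello offered with the alert the server returned. The function names and the sample bytes are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}

def records(data):
    """Yield (content_type, payload) for each TLS record in a byte stream."""
    off = 0
    while off < len(data):
        if len(data) - off < 5:
            raise ValueError("truncated record header")
        ctype, _ver, length = struct.unpack_from("!BHH", data, off)
        payload = data[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record body")
        yield ctype, payload
        off += 5 + length

def diagnose(client_bytes, server_bytes):
    """Return (offered_version, alert_level, alert_name) for a failed handshake."""
    offered = level = alert = None
    for ctype, body in records(client_bytes):
        # Handshake record (22) carrying a ClientHello (type 1): the 2-byte
        # client_version follows the 4-byte handshake header.
        if ctype == 22 and len(body) >= 6 and body[0] == 1:
            offered = VERSIONS.get(struct.unpack_from("!H", body, 4)[0], "unknown")
            break
    for ctype, body in records(server_bytes):
        if ctype == 21 and len(body) == 2:  # Alert record: level, description
            level = {1: "warning", 2: "fatal"}.get(body[0], "unknown")
            alert = ALERTS.get(body[1], "alert %d" % body[1])
            break
    return offered, level, alert

def build_client_hello(version, suites):
    """Construct a minimal ClientHello record (sample data for this example)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, no session id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: NULL
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(hs)) + hs

# Constructed bytes mirroring the trace: a version 3.0 ClientHello (three of
# the listed suites plus 0x00ff) answered by a fatal alert with description 70.
SAMPLE_CLIENT = build_client_hello(0x0300, [0x0033, 0x002F, 0x0005, 0x00FF])
SAMPLE_SERVER = struct.pack("!BHHBB", 21, 0x0301, 2, 2, 70)

if __name__ == "__main__":
    print(diagnose(SAMPLE_CLIENT, SAMPLE_SERVER))
```
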



