[GNC] Using Quicken direct connect with USAA

Mon May 25 12:09:30 EDT 2020

Jon,

The Application Settings I use for USAA are
Application ID: QWIN
Application Version: 2200
Header Version: 102

In Special Settings:
HTTP Version, Client UID, and Security Type are blank, Force SSLv3 and Send Short Date are checked, and Send Empty Bank ID and Send Empty FID are unchecked.

Another user had trouble with USAA because he had entered a Client UID on the User Settings page, so make sure that's blank too.

Yes, SSL v3 is less secure than TLS, but it's better than sending the data in the clear, and yes, the authentication that USAA uses on OFX DirectConnect is less than ideal.

Regards,
John Ralls

> On May 25, 2020, at 8:59 AM, Jon Schewe <jpschewe at mtu.net> wrote:
> 
> Alan,
> 
> Thanks for the suggestion. I tried not setting any special settings and
> make sure the SSL v3 is unchecked. Still no change.
> 
> As far as security goes, this method for getting my transactions
> appears less secure than using Web Connect. When I login to get to the
> Web Connect download I need to enter a one time password from my phone,
> but for Direct Connect I only need my PIN.
> 
> Jon
> 
> On Mon, 2020-05-25 at 11:48 -0400, Alan wrote:
>> Jon,
>> 
>> Disable SSL v3. Info at wiki.gnucash.org is wrong. It's not secure, and no
>> reputable financial institution should be supporting it for financial
>> transactions.
>> 
>> As of this moment, USAA is only supporting TLS 1.2 and 1.3, which are secure.
>> Suggest not setting any of the "special settings" options, and never enable SSL
>> v2 or v3 for any program, except for testing with non-sensitive data.
>> 
>> -----Original Message-----
>> From: gnucash-user
>> [mailto:gnucash-user-bounces+alangnuc=bigtowers.net at gnucash.org] On Behalf Of
>> Jon Schewe
>> Sent: Monday, May 25, 2020 10:36 AM
>> To: gnucash-user <gnucash-user at gnucash.org>
>> Subject: [GNC] Using Quicken direct connect with USAA
>> 
>> I have been using the Web Connect with USAA for years and that's worked great.
>> However now I see that they are discontinuing support for this feature. So I'm
>> trying to setup Direct Connect. I found the instructions for setting up USAA at
>> https://wiki.gnucash.org/wiki/OFX_Direct_Connect_Bank_Settings#USAA,
>> however I'm not seeing the "Server Capabilities" tab to select the account list
>> download options.
>> 
>> I'm using GnuCash 3.10 from flatpak.
>> I'm on Linux.
>> 
>> I have the following Settings:
>> "User Settings"
>> User Name, User id and Client UID all set to my USAA number. I have tried both
>> with the 00 prefix and without.
>> 
>> "Bank Settings"
>> Broker ID: 5874
>> FID: 24591
>> ORG: USAA
>> Server URL: https://service2.usaa.com/ofx/OFXServlet
>> 
>> "Application Settings"
>> I've tried the default application settings and the settings that should be for
>> Quicken 2017:
>> Application ID: QWIN
>> Application Version: 2600
>> Header Version: 102
>> 
>> Under "Special Settings" I've tried HTTP Version blank, 1.0 and 1.1.
>> I've checked "Force SSLv3".
>> 
>> When I go back to the "Bank Settings" tab I see the following after clicking on
>> "Retrieve Account List".
>> 
>> 09:26:37 Sending request...
>> 09:26:37 Using GnuTLS default ciphers.
>> 09:26:37 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-GCM:AEAD
>> 09:26:37 Waiting for response...
>> 09:26:37 Operation finished, you can now close this window.
>> 
>> The AqBanking Setup never lets me get to the point of associating USAA accounts
>> with GnuCash accounts. Can someone give me some pointers on what is wrong here?
>> 
>> Thank you,
>> Jon
>> 
>> 
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.