[GNC] Using Quicken direct connect with USAA

Mon May 25 14:21:49 EDT 2020

Thank you for your help thus far.

I noticed that I had AQBanking and GnuCash installed both inside and
outside flatpak. I've removed the version outside flatpak, but that
didn't help.

If there are some additional debugging steps that are suggested for
checking aqbanking, let me know and I can see where the integration
with GnuCash is breaking.

On Mon, 2020-05-25 at 09:47 -0700, John Ralls wrote:
> Well, that's progress. The communication with USAA is clearly
> working.
> 
> Maybe the flatpak sandbox isn't letting GnuCash see the results from
> AQBanking. Unfortunately I don't have time to investigate this
> further today.
> 
> Regards,
> John Ralls
> 
> 
> 
> On May 25, 2020, at 9:29 AM, Jon Schewe <jpschewe at mtu.net> wrote:
> 
> John,
> 
> Using those settings got me different information in the dialog.
> However I still don't have an option to associate the accounts. When
> I close the dialogs I'm back to "Start Online Banking Wizard" and the
> match step is still grey.
> 
> 11:24:16 Saving communication log to 1
> 11:24:16 Sending request...
> 11:24:16 Using GnuTLS default ciphers.
> 11:24:16 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-
> GCM:AEAD
> 11:24:16 Waiting for response...
> 11:24:17 Saving communication log to 1
> 11:24:17 Parsing response...
> 11:24:17 Status for signon request: Success (Code 0, severity "INFO")
> The server successfully processed the request.
> 11:24:17 Status for account info request: Success (Code 0, severity
> "INFO")
> The server successfully processed the request.
> 11:24:17 Received account XXXXXXXXX/XXXXXXXXXX ((no bank
> name)/ACCOUNT)
> 11:24:17 Received account XXXXXXXXX/XXXXXXXXXX ((no bank
> name)/ACCOUNT)
> 11:24:17 Received account (no bank code)/XXXXXXXXXXXXXXXX ((no bank
> name)/ACCOUNT)
> 11:24:17 Operation finished, you can now close this window.
> 
> Jon
> 
> On Mon, 2020-05-25 at 09:09 -0700, John Ralls wrote:
> 
> Jon,
> 
> The Application Settings I use for USAA are
> Application ID: QWIN
> Application Version: 2200
> Header Version: 102
> 
> In Special Settings:
> HTTP Version, Client UID, and Security Type are blank, Force SSLv3
> and Send Short Date are checked, and Send Empty Bank ID and Send
> Empty FID are unchecked.
> 
> Another user had trouble with USAA because he had entered a Client
> UID on the User Settings page, so make sure that's blank too.
> 
> Yes, SSL v3 is less secure than TLS, but it's better than sending the
> data in the clear, and yes, the authentication that USAA uses on OFX
> DirectConnect is less than ideal.
> 
> Regards,
> John Ralls
> 
> 
> On May 25, 2020, at 8:59 AM, Jon Schewe <jpschewe at mtu.net> wrote:
> 
> Alan,
> 
> Thanks for the suggestion. I tried not setting any special settings
> and
> make sure the SSL v3 is unchecked. Still no change.
> 
> As far as security goes, this method for getting my transactions
> appears less secure than using Web Connect. When I login to get to
> the
> Web Connect download I need to enter a one time password from my
> phone,
> but for Direct Connect I only need my PIN.
> 
> Jon
> 
> On Mon, 2020-05-25 at 11:48 -0400, Alan wrote:
> Jon,
> 
> Disable SSL v3. Info at wiki.gnucash.org is wrong. It's not secure,
> and no
> reputable financial institution should be supporting it for financial
> transactions.
> 
> As of this moment, USAA is only supporting TLS 1.2 and 1.3, which are
> secure.
> Suggest not setting any of the "special settings" options, and never
> enable SSL
> v2 or v3 for any program, except for testing with non-sensitive data.
> 
> -----Original Message-----
> From: gnucash-user
> [mailto:gnucash-user-bounces+alangnuc=bigtowers.net at gnucash.org] On
> Behalf Of
> Jon Schewe
> Sent: Monday, May 25, 2020 10:36 AM
> To: gnucash-user <gnucash-user at gnucash.org>
> Subject: [GNC] Using Quicken direct connect with USAA
> 
> I have been using the Web Connect with USAA for years and that's
> worked great.
> However now I see that they are discontinuing support for this
> feature. So I'm
> trying to setup Direct Connect. I found the instructions for setting
> up USAA at
> https://wiki.gnucash.org/wiki/OFX_Direct_Connect_Bank_Settings#USAA,
> however I'm not seeing the "Server Capabilities" tab to select the
> account list
> download options.
> 
> I'm using GnuCash 3.10 from flatpak.
> I'm on Linux.
> 
> I have the following Settings:
> "User Settings"
> User Name, User id and Client UID all set to my USAA number. I have
> tried both
> with the 00 prefix and without.
> 
> "Bank Settings"
> Broker ID: 5874
> FID: 24591
> ORG: USAA
> Server URL: https://service2.usaa.com/ofx/OFXServlet
> 
> "Application Settings"
> I've tried the default application settings and the settings that
> should be for
> Quicken 2017:
> Application ID: QWIN
> Application Version: 2600
> Header Version: 102
> 
> Under "Special Settings" I've tried HTTP Version blank, 1.0 and 1.1.
> I've checked "Force SSLv3".
> 
> When I go back to the "Bank Settings" tab I see the following after
> clicking on
> "Retrieve Account List".
> 
> 09:26:37 Sending request...
> 09:26:37 Using GnuTLS default ciphers.
> 09:26:37 TLS: SSL-Ciphers negotiated: TLS1.3:ECDHE-RSA-AES-256-
> GCM:AEAD
> 09:26:37 Waiting for response...
> 09:26:37 Operation finished, you can now close this window.
> 
> The AqBanking Setup never lets me get to the point of associating
> USAA accounts
> with GnuCash accounts. Can someone give me some pointers on what is
> wrong here?
> 
> Thank you,
> Jon
> 
> 
> 
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> To update your subscription preferences or to unsubscribe:
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> If you are using Nabble or Gmane, please see 
> https://wiki.gnucash.org/wiki/Mailing_Lists for more information.
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
> 
> 
> 
> 
> 