[GNC] AqBanking "Select a Bank" just hangs

Sherlock sh025622 at gmail.com
Tue Dec 2 17:54:00 EST 2025


John,

All the OFX network communication is performed over https.  The 
authentication method is basic but it is encrypted.  The client should 
be checking that the certificate provided by the server is valid, 
otherwise, a MITM is possible.  If the client isn't checking, that isn't 
a flaw in OFX.

Regards,

Sherlock


On 12/2/25 1:51 PM, John Ralls wrote:
> Sherlock,
> 
> OFX Direct Connect sends credentials and all data as plain text over an unencrypted and unguarded (meaning no certificates to prevent a MITM) link. How is that not completely insecure?
> 
> OFX itself is just a data stream format. Security is the job of whatever is sending the stream.
> 
> Regards,
> John Ralls
> 
>> On Dec 2, 2025, at 11:20 AM, Sherlock <sh025622 at gmail.com> wrote:
>>
>> Hi John,
>>
>> My only issue is with your criticism of OFX security.  OFX is not "completely insecure" and there is encryption.
>>
>> FWIW, we still pull transactions regularly from four financial institutions in the US.
>>
>> Regards,
>>
>> Sherlock
>>
>>
>> On 11/30/25 1:28 PM, John Ralls wrote:
>>>> On Nov 30, 2025, at 2:43 AM, Carl Ponder via gnucash-user <gnucash-user at gnucash.org> wrote:
>>>>
>>>>
>>>> I'm running GnuCash 5.13 on Ubuntu 24.04 using the command
>>>>
>>>>    /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=gnucash
>>>>    --file-forwarding org.gnucash.GnuCash @@ %f @@
>>>>
>>>> and trying to automatically download the transactions from my checking account at Charles Schwab and VISA transactions from Bank of America.
>>>> Using the menu
>>>>
>>>>    Apps -> Office -> GnuCash -> Accounts -> Charles Schwab -> Tools ->
>>>>    Online Banking Setup -> Start AqBanking Setup -> Create User ->
>>>>    Select a Bank
>>>>
>>>> I get a pane where I can enter the name "Charles Schwab" or "Bank of America", but then it just hangs.
>>>> Also the letters show up slowly in the pane, it looks like it's trying to do a lookup as I type, but not getting anything.
>>>> This page here
>>>>
>>>>    https://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect
>>>>
>>>> mentions a https://www.ofxhome.com/  database, but as far as I can tell, this URL doesn't exist.
>>>> Does GnuCash actually support online banking?
>>> Not significantly in the USA. The one protocol we support, OFX Direct Connect, is completely insecure and so very few (maybe no) banks still offer it. The replacements are proprietary and require corporate vetting to license so it’s not possible for either GnuCash or AqBanking to implement them.
>>> Accordingly I’ve replaced https://wiki.gnucash.org/wiki/Setting_up_OFXDirectConnect with a tombstone page and put a header at the top of https://wiki.gnucash.org/wiki/OFX_Direct_Connect_Bank_Settings declaring that it’s of historical interest only.
>>> That pane where you enter the name and click a button to look up the bank does depend on ofxhome.com <http://ofxhome.com/> that no longer exists so you could set up OFX Direct Connect manually if you had a bank that did still support it. I can tell you categorically that neither Charles Schwab nor BofA do (nor does BNY Mellon, the bank that Schwab uses for their cash sweeps).
>>> Regards,
>>> John Ralls
>>
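
Both points argued in this thread can be seen in one sketch: the OFX sign-on body carries the user ID and password as clear text (the request header itself says SECURITY:NONE), so the only protection is the HTTPS layer and whether the client validates the server certificate. This is an added example, not GnuCash or AqBanking code; the function names, the APPID/APPVER values and the sample credentials are constructed for illustration.

```python
import ssl
import urllib.request
from datetime import datetime, timezone

def build_signon(user, password, org, fid):
    """OFX 1.0.2 SGML sign-on request; credentials are clear text in the body."""
    header = "\r\n".join([
        "OFXHEADER:100", "DATA:OFXSGML", "VERSION:102", "SECURITY:NONE",
        "ENCODING:USASCII", "CHARSET:1252", "COMPRESSION:NONE",
        "OLDFILEUID:NONE", "NEWFILEUID:NONE", "", ""])
    now = datetime.now(timezone.utc).strftime("%Y%m%d%H%M%S")
    body = (f"<OFX><SIGNONMSGSRQV1><SONRQ><DTCLIENT>{now}"
            f"<USERID>{user}<USERPASS>{password}<LANGUAGE>ENG"
            f"<FI><ORG>{org}<FID>{fid}</FI>"
            "<APPID>EXAMPLE<APPVER>0100</SONRQ></SIGNONMSGSRQV1></OFX>")
    return (header + body).encode("ascii")

def tls_gaps(ctx):
    """List the reasons this SSLContext would let a MITM read the request."""
    gaps = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        gaps.append("certificate chain is not verified")
    if not ctx.check_hostname:
        gaps.append("certificate is not matched against the host name")
    return gaps

def post_ofx(url, payload, ctx):
    """Send the request only over https with a fully validating context."""
    if not url.lower().startswith("https://"):
        raise ValueError("OFX endpoint must be https")
    gaps = tls_gaps(ctx)
    if gaps:
        raise ValueError("refusing to send credentials: " + "; ".join(gaps))
    req = urllib.request.Request(
        url, data=payload, headers={"Content-Type": "application/x-ofx"})
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        return resp.read()

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    payload = build_signon("jdoe", "hunter2", "EXAMPLEBANK", "0000")
    lax = ssl.create_default_context()
    lax.check_hostname = False       # must be cleared before CERT_NONE
    lax.verify_mode = ssl.CERT_NONE  # the "client isn't checking" case
    print("validating context gaps:", tls_gaps(ssl.create_default_context()))
    print("non-validating context gaps:", tls_gaps(lax))
    print(b"<USERPASS>hunter2" in payload)  # password is readable in the body
```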


