Topic: USAA SSL error using PocketSense Python Scripts ver 180528

About two weeks ago my OFX connection to USAA banking and investment accounts began failing.  Here on OFXHome, it shows that USAA is Validated successfuly as of 180625. However, when I try Ofxget, it fails too.  So I suspect there is a problem.

I use PocketSense Python Scripts to download OFX transaction data into MS Money Sunset edition.  Here is the message I get when I try to download transactions:

USAA FEDERAL SAVINGS BANK : 00XXXXXXXX : Getting records since:  20180610
** An ERROR occurred sending POST request to service2.usaa.com
   Exception type  : <class 'ssl.SSLError'>
   Exception val   : [Errno 1] _ssl.c:499: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

USAA IMCO MUTUAL FUNDS : 000XXXXX : Getting records since:  20180610
** An ERROR occurred sending POST request to service2.usaa.com
   Exception type  : <class 'ssl.SSLError'>
   Exception val   : [Errno 1] _ssl.c:499: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

Any thoughts on how to solve this problem?
Thank you.  Simada

Re: USAA SSL error using PocketSense Python Scripts ver 180528

I can confirm the same behavior you see though. Accessing anything related to accounts seems to be broken. Your best bet is to contact USAA -- it is likely an issue with their OFX server.

The USAA OFX servers are responding when being profiled which means they'll still show as validating according to OFX Home. For example, this request succeeds:

OFXHEADER:100
DATA:OFXSGML
VERSION:102
SECURITY:NONE
ENCODING:USASCII
CHARSET:1252
COMPRESSION:NONE
OLDFILEUID:NONE
NEWFILEUID:NONE

<OFX>
<SIGNONMSGSRQV1>
<SONRQ>
<DTCLIENT>20180625221413.000[-8:PST]
<USERID>anonymous00000000000000000000000
<USERPASS>anonymous00000000000000000000000
<LANGUAGE>ENG
<FI>
<ORG>USAA
<FID>24592
</FI>
<APPID>QWIN
<APPVER>1700
</SONRQ>
</SIGNONMSGSRQV1>
<PROFMSGSRQV1>
<PROFTRNRQ>
<TRNUID>0F7418F4-27DD-4ED1-968E-60D792642CA0
<PROFRQ>
<CLIENTROUTING>MSGSET
<DTPROFUP>19970101
</PROFRQ>
</PROFTRNRQ>
</PROFMSGSRQV1>
</OFX>

Re: USAA SSL error using PocketSense Python Scripts ver 180528

Thanks Jesse, I will contact USAA.  Meanwhile I tried to troubleshoot the error message and found that it may be related to an effort to remove weak cryptographic standards such as TLSv1/TLSv1.1.  Some internet sites such as GitHub <https://githubengineering.com/crypto-removal-notice/> are forcing an upgrade to TLSv1.2,  and clients using the older standards now get this error message.  Don't know that it applies to USAA but I will feed back what I find.
Cheers, Simada

Re: USAA SSL error using PocketSense Python Scripts ver 180528

Problem solved.  I upgraded to Python 2.7.15 which supports OpenSSL TLSv1.2.  Now the PocketSense python scripts successfully download banking and investment transactions from the USAA OFX server.  Cheers, Simada

Re: USAA SSL error using PocketSense Python Scripts ver 180528

The PCI Data Security Standard requires dropping TLS 1.0 for any companies handling credit card transactions. Basically all FIs, regardless of credit card issuance, follow PCI, so all OFX servers *should* require at least TLS 1.1 as of July 1st. Though, plenty of companies adopted this months earlier.

https://www.forbes.com/sites/thesba/201 … 1fe1a67408

-Steven