I was just using https://www.ssllabs.com/ to check out some financial sites:
amhfcu.org : F, supports insecure SSL 2.0
tdbank.com - A-
republictt.com/ - not the local bank.. apparently uses java..
republicbank.com - powered/provided by intuit - A-
sjfcu.online-cu.com - B - due to not supporting TLS 1.2. (used by likely a few cu)
bankofamerica.com - inconsistent - B, A-
wellsfargo.com - B - due to not supporting TLS 1.2
paypal.com - A- uses mixed content on home page.. really?
secure.ally.com - B - TLS 1.2 capped
https://www.chase.com/ - A-
hsbc.com -asks for login name on insecure website.. otherwise a B
I'm not impressed. My ~$10 a month Dreamhost account can get me a B rating (with SSL kindly provided by https://www.startssl.com/ for free). And if they were running a newer version of Debian, I think it would be an A.