On 2014-04-09 at 14:26 +0200, Wolfgang Breyha wrote:
> I patched my exim to detect heartbleed attacks/checks. The patch is quick and
> dirty and not intended for HEAD or inexperienced users. That's why I post it
> only here. Don't know the impact of setting a tls_msg_callback on the
> performance yet.
Note that to have a detection feature of "someone tried it", we'd probably also want support in GnuTLS to detect the attack probes. But otherwise, I'm happy with this as an EXPERIMENTAL_HEARTBLEED_DETECT feature, as long as we're clear that the goal is to remove it down the line, instead of integrate it.

I also think that you'll get a lot of noise in the logs, akin unto web-server logs recording people searching for exploitable PHP scripts. Probably of most use for Universities who want to be able to have someone in Security knock on a student's door to have a quiet discussion about wise decisions and their future.

Probably best to just deploy a fixed OpenSSL and verify that running "exim -d --version" shows the new OpenSSL Runtime version.

-Phil

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-dev
Exim details at http://www.exim.org/ ##
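The kind of record check a tls_msg_callback could run to produce the "someone tried it" log line discussed in this thread, as an added example rather than Wolfgang's patch or Exim's own code: OpenSSL's SSL_CTX_set_msg_callback hands each record to the callback with its content_type, buffer and length, and a Heartbleed probe is a heartbeat whose claimed payload_length does not fit in the record. The callback wiring and the peer address are left to the caller; the sample records and the peer address are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* RFC 6520 heartbeat record; what a tls_msg_callback receives as content_type. */
#define HB_CONTENT_TYPE 24
#define HB_HEADER_LEN   3    /* type (1 byte) + payload_length (2 bytes) */
#define HB_MIN_PADDING  16

enum hb_verdict { HB_NOT_HEARTBEAT, HB_OK, HB_TRUNCATED, HB_OVERSIZED };

/* Inspect an incoming record (write_p == 0) as OpenSSL's SSL_CTX_set_msg_callback hands
 * it over; a probe claims a payload_length larger than the record actually carries. */
enum hb_verdict hb_inspect(int content_type, const unsigned char *buf, size_t len)
{
    if (content_type != HB_CONTENT_TYPE)
        return HB_NOT_HEARTBEAT;
    if (len < HB_HEADER_LEN + HB_MIN_PADDING)
        return HB_TRUNCATED;                  /* too short even for the padding */
    size_t claimed = ((size_t)buf[1] << 8) | buf[2];
    if (HB_HEADER_LEN + claimed + HB_MIN_PADDING > len)
        return HB_OVERSIZED;                  /* the bounds test the fixed OpenSSL applies */
    return HB_OK;
}

/* Format a log line for a flagged record; returns 0 when there is nothing to log. */
int hb_log_line(enum hb_verdict v, const unsigned char *buf, size_t len,
                const char *peer, char *out, size_t outlen)
{
    if (v != HB_OVERSIZED && v != HB_TRUNCATED)
        return 0;
    size_t claimed = len >= HB_HEADER_LEN ? (((size_t)buf[1] << 8) | buf[2]) : 0;
    return snprintf(out, outlen, "heartbleed probe from %s: hb_type=%u claimed=%zu record=%zu (%s)",
                    peer, (unsigned)(len ? buf[0] : 0), claimed, len,
                    v == HB_OVERSIZED ? "oversized" : "truncated");
}

/* Constructed sample records (not captured traffic): a benign 4-byte "ping" request
 * with 16 bytes of padding, and a request claiming 65535 bytes in a 19-byte record. */
static const unsigned char sample_benign[] = { 1, 0x00, 0x04, 'p', 'i', 'n', 'g', 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };
static const unsigned char sample_probe[]  = { 1, 0xFF, 0xFF, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 };

int main(void)
{
    char line[160];   /* 198.51.100.7 is a constructed peer address */
    enum hb_verdict v = hb_inspect(HB_CONTENT_TYPE, sample_probe, sizeof sample_probe);
    if (hb_log_line(v, sample_probe, sizeof sample_probe, "198.51.100.7", line, sizeof line))
        puts(line);
    return 0;
}
```

Only records that fail the bounds test are logged, so ordinary heartbeats from well-behaved peers add nothing to the noise Phil anticipates.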
