> > -----Original Message-----
> > From: Matthias Apitz [mailto:g...@unixarea.de]
> > Sent: Thursday, April 10, 2014 6:41 AM
> > To: Apitz,Matthias
> > Subject: Fwd: RE: OpenSSL Security Advisory
> >
> > ----- Forwarded message from "Salz, Rich" <rs...@akamai.com> -----
> >
> > Date: Wed, 9 Apr 2014 15:43:28 -0400
> > From: "Salz, Rich" <rs...@akamai.com>
> > To: "openssl-users@openssl.org" <openssl-users@openssl.org>
> > Subject: RE: OpenSSL Security Advisory
> >
> > > Can you please post a "good" and a "bad" server example. I have
> > tested a lot of servers, including 'akamai.com', and they all show
> > HEARTBEATING at the end:
> >
> > Look at Victor's recent post about how to patch openssl/s_client to
> > make your own test. That's the simplest. My example tests only
> > for those who have disabled TLs heartbeats, which is the safest
> > thing, but not necessarily the only thing, to do.
> >
Hello,
I have instrumented an openssl 1.0.1f as posted by Victor:
guru@hein:~/openssl-1.0.1f> diff ssl/t1_lib.c.unpatched
ssl/t1_lib.c
2671c2671
< s2n(payload, p);
---
> s2n(0x4000, p);
but I still see HEARTBEATING, for example even from www.openssl.org:
guru@hein:~/openssl-1.0.1f/apps> (sleep 3 ; echo B ; sleep 3) | ./openssl
s_client -connect www.openssl.org:443
...
HEARTBEATING
DONE
Do I something wrong?
Thx
matthias
--
Matthias Apitz | /"\ ASCII Ribbon Campaign: www.asciiribbon.org
E-mail: g...@unixarea.de | \ / - No HTML/RTF in E-mail
WWW: http://www.unixarea.de/ | X - No proprietary attachments
phone: +49-170-4527211 | / \ - Respect for open standards
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
