On 09/04/14 20:43, Salz, Rich wrote:
Can you please post a "good" and a "bad" server example. I have tested a lot of
servers, including 'akamai.com', and they all show HEARTBEATING at the end:
Look at Victor's recent post about how to patch openssl/s_client to make your
own test. That's the simplest.
Simpler still...
https://gist.github.com/robstradling/10363389
It's based on what Viktor posted, but it works without patching the
OpenSSL library code.
To compile:
$ gcc -ansi -pedantic -o heartbleed heartbleed.c -lssl -lcrypto
Examples:
$ ./heartbleed www.ibm.com:443
NOT VULNERABLE (TLS Heartbeat extension not supported by the server)
$ ./heartbleed secure.comodo.net:443
NOT VULNERABLE (TLS Heartbeat extension supported by the server)
$ ./heartbleed mail.visservansolkema.nl:443
VULNERABLE!
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
