On 11/04/2014 12:58 AM, Viktor Dukhovni wrote: > guru@hein:~/openssl-1.0.1f/apps> (sleep 3 ; echo B ; sleep 3) | ./openssl > s_client -connect www.openssl.org:443
If you are using s_client for testing then you should add the -msg option and see what is being sent. Responding to a correctly formed heartbeat request is not an error - it is an indication that the server remains configured with heartbeat support. For example repeating that command as: (sleep 3 ; echo B ; sleep 3) | ./openssl s_client -connect www.openssl.org:443 -msg And you can see the decoded heartbeat request and response - all with legal length values - 0x12 indicating 18 bytes of payload followed by the required 16 bytes of padding all exactly adding up to match the record size (3+18+16=37 which is the 0x0025 length field). HEARTBEATING >>> ??? [length 0005] 18 03 03 00 3d >>> TLS 1.2 [length 0025], HeartbeatRequest 01 00 12 00 00 c5 3c e4 48 f7 55 a8 83 62 df 03 a7 6b c2 48 05 60 e9 48 9e c1 6e 69 f4 fd 48 60 a9 35 bd 0c c3 <<< ??? [length 0005] 18 03 03 00 3d <<< TLS 1.2 [length 0025], HeartbeatResponse 02 00 12 00 00 c5 3c e4 48 f7 55 a8 83 62 df 03 a7 6b c2 48 05 75 07 79 df 92 dd b2 3c a6 9d 73 12 54 9c 66 57 read R BLOCK A number of users have provided various tools for testing whether or not an exploit is present. None of these tools are officially supported or blessed so are all use-at-your-own-risk. A couple of the tools others have mentioned already on this list are: https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl https://gist.github.com/robstradling/10363389 There are a whole range of checking tools that have varying approaches to how they test. Understanding what each tool does is important to understanding the effectiveness of their results in terms of claiming vulnerable or not vulnerable to the issue. Most people I've interacted with are using a combination of tools. The appropriate response to the issue is to follow the advice in the advisory - either move to a version with the patch for the defect applied or move to a version where the heartbeat code has been removed completely via compilation of the library with -DOPENSSL_NO_HEARTBEATS. If you connect to a site which does not support heartbeat (compiled out) then you will get something like this: HEARTBEATING 140153106511512:error:1413B16D:SSL routines:tls1_heartbeat:peer does not accept heartbearts:t1_lib.c:4049: >>> ??? [length 0005] 15 03 01 00 20 >>> TLS 1.0Alert [length 0002], warning close_notify 01 00 It is also possible to use the message callback function to block the response to heartbeat in application code if your library hasn't been patched. However the right solution is to fix the library via either of the methods mentioned in the advisory at https://www.openssl.org/news/secadv_20140407.txt Tim. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org