On 11/04/2014 12:58 AM, Viktor Dukhovni wrote:
> guru@hein:~/openssl-1.0.1f/apps> (sleep 3 ; echo B ; sleep 3) | ./openssl
> s_client -connect www.openssl.org:443
If you are using s_client for testing then you should add the -msg
option and see what is being sent.
Responding to a correctly formed heartbeat request is not an error - it
is an indication that the server remains configured with heartbeat support.
For example repeating that command as:
(sleep 3 ; echo B ; sleep 3) | ./openssl s_client -connect www.openssl.org:443
-msg
And you can see the decoded heartbeat request and response - all with
legal length values - 0x12 indicating 18 bytes of payload followed by
the required 16 bytes of padding all exactly adding up to match the
record size (3+18+16=37 which is the 0x0025 length field).
HEARTBEATING
>>> ??? [length 0005]
18 03 03 00 3d
>>> TLS 1.2 [length 0025], HeartbeatRequest
01 00 12 00 00 c5 3c e4 48 f7 55 a8 83 62 df 03
a7 6b c2 48 05 60 e9 48 9e c1 6e 69 f4 fd 48 60
a9 35 bd 0c c3
<<< ??? [length 0005]
18 03 03 00 3d
<<< TLS 1.2 [length 0025], HeartbeatResponse
02 00 12 00 00 c5 3c e4 48 f7 55 a8 83 62 df 03
a7 6b c2 48 05 75 07 79 df 92 dd b2 3c a6 9d 73
12 54 9c 66 57
read R BLOCK
A number of users have provided various tools for testing whether or not
an exploit is present. None of these tools are officially supported or
blessed so are all use-at-your-own-risk.
A couple of the tools others have mentioned already on this list are:
https://github.com/noxxi/p5-scripts/blob/master/check-ssl-heartbleed.pl
https://gist.github.com/robstradling/10363389
There are a whole range of checking tools that have varying approaches
to how they test. Understanding what each tool does is important to
understanding the effectiveness of their results in terms of claiming
vulnerable or not vulnerable to the issue. Most people I've interacted
with are using a combination of tools.
The appropriate response to the issue is to follow the advice in the
advisory - either move to a version with the patch for the defect
applied or move to a version where the heartbeat code has been removed
completely via compilation of the library with -DOPENSSL_NO_HEARTBEATS.
If you connect to a site which does not support heartbeat (compiled out)
then you will get something like this:
HEARTBEATING
140153106511512:error:1413B16D:SSL routines:tls1_heartbeat:peer does not
accept heartbearts:t1_lib.c:4049:
>>> ??? [length 0005]
15 03 01 00 20
>>> TLS 1.0Alert [length 0002], warning close_notify
01 00
It is also possible to use the message callback function to block the
response to heartbeat in application code if your library hasn't been
patched.
However the right solution is to fix the library via either of the
methods mentioned in the advisory at
https://www.openssl.org/news/secadv_20140407.txt
Tim.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
