Thanks for this. It appears to work (on my Mac, but I get a syntax
error on Windows or Solaris for some reason).
Although, I don't have a server that has the vulnerability in order to
verify that the script is capable of detecting it.
Jesse
On 4/8/2014 12:12 PM, Philipp Hancke wrote:
Since most xmpp servers will request peer certificates, the heartbleed
(http://heartbleed.com/) test script from
http://s3.jspenguin.org/ssltest.py
does not work out of the box.
I modified it slightly so it can now detect the handshake done message
when it's after the cert request:
http://hancke.name/tmp/xssltest.py
happy testing :-(
