Philipp Hancke:
> Since most xmpp servers will request peer certificates, the heartbleed
> (http://heartbleed.com/) test script from http://s3.jspenguin.org/ssltest.py
> does not work out of the box.
>
> I modified it slightly so it can now detect the handshake done message
> when it's after the cert request: http://hancke.name/tmp/xssltest.py
>
> happy testing :-(
Hi, thanks for this. Unfortunately it gave me some strange output I didn't understand.

    ~$ python /tmp/xssltest.py jabber.sk -p 5222
    Connecting...
    data None
    data None
    Sending Client Hello...
    Waiting for Server Hello...
    Unexpected EOF receiving record header - server closed connection
    Server closed connection without sending Server Hello.

I used the command

    echo -e "quit\n" | openssl s_client -connect jabber.sk:5222 \
        -starttls xmpp -tlsextdebug

and searched for "TLS server extension "heartbeat" (id=15), len=1", which proved that the service jabber.sk:5222, running ejabberd 2.1.10, recognizes the TLS 1.2 heartbeat extension and could be affected if running a weak openssl version. Unfortunately our server was running an affected openssl version for more than 10 days and thus we decided to replace our SSL certificate. Just to make us and our users sure...

--
Peter Viskup
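As an added example (not Philipp's xssltest.py and not code from anyone in this thread), a small Python parser for the server's side of a TLS handshake: it reports whether the ServerHello advertised the heartbeat extension (id=15, the same thing the -tlsextdebug search above looks for) and whether ServerHelloDone arrived even when a CertificateRequest sits in front of it, the case Philipp's modification handles. It sends nothing on the wire; the input is constructed sample bytes, not a capture from jabber.sk.

```python
import struct
HANDSHAKE = 0x16                     # TLS record content type "handshake"
SERVER_HELLO, CERT_REQUEST, HELLO_DONE = 2, 13, 14
EXT_HEARTBEAT = 15                   # RFC 6520; openssl -tlsextdebug prints it as id=15

def parse_records(data):
    """Split raw TLS bytes into (content_type, version, payload); stop at a truncated record."""
    records, i = [], 0
    while i + 5 <= len(data):
        ctype, ver, length = struct.unpack('>BHH', data[i:i + 5])
        if i + 5 + length > len(data): break
        records.append((ctype, ver, data[i + 5:i + 5 + length]))
        i += 5 + length
    return records

def parse_handshakes(payload):
    """Split a handshake record payload into (msg_type, body) messages."""
    msgs, i = [], 0
    while i + 4 <= len(payload):
        length = int.from_bytes(payload[i + 1:i + 4], 'big')
        msgs.append((payload[i], payload[i + 4:i + 4 + length]))
        i += 4 + length
    return msgs

def server_hello_extensions(body):
    """Return {ext_type: ext_data} from a ServerHello body (empty if none were sent)."""
    i = 35 + body[34] + 3 + 2        # version, random, session_id, cipher, compression, ext_len
    exts = {}
    while i + 4 <= len(body):
        etype, elen = struct.unpack('>HH', body[i:i + 4])
        exts[etype] = body[i + 4:i + 4 + elen]
        i += 4 + elen
    return exts

def scan_handshake(data):
    """Did the server advertise heartbeat, send a CertificateRequest, reach ServerHelloDone?"""
    seen = {'heartbeat': False, 'cert_request': False, 'hello_done': False}
    for ctype, _ver, payload in parse_records(data):
        for mtype, body in (parse_handshakes(payload) if ctype == HANDSHAKE else []):
            if mtype == SERVER_HELLO:
                seen['heartbeat'] = EXT_HEARTBEAT in server_hello_extensions(body)
            seen['cert_request'] |= mtype == CERT_REQUEST
            seen['hello_done'] |= mtype == HELLO_DONE
    return seen

_hs = lambda t, b: bytes([t]) + len(b).to_bytes(3, 'big') + b   # handshake framing: type(1)+len(3)+body
# Constructed sample (not a real capture): one TLS 1.2 handshake record holding a ServerHello
# with the heartbeat extension, then a CertificateRequest, then ServerHelloDone.
_HELLO = b'\x03\x03' + b'\x11' * 32 + b'\x00' + b'\xc0\x2f\x00' + b'\x00\x05\x00\x0f\x00\x01\x01'
_PAYLOAD = _hs(SERVER_HELLO, _HELLO) + _hs(CERT_REQUEST, b'\x01\x01\x00\x00') + _hs(HELLO_DONE, b'')
SAMPLE = b'\x16\x03\x03' + struct.pack('>H', len(_PAYLOAD)) + _PAYLOAD
```

Feeding it the bytes a server returns after STARTTLS (for example captured from your own ejabberd) tells you whether heartbeat is advertised at all, which is the inventory question a fixed openssl version still leaves open until you check.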
