There appears to be a bug report around a false positive with testssl.sh [1] and fix [2] specific to vsftpd. This was reported after this bug report, so I am wondering if you could retest. For now I am marking this as 'incomplete', if you get newer results please mark this as 'new'.
I would also be curious to see your vsftpd.conf file to know how you are configuring it. [1] https://github.com/drwetter/testssl.sh/issues/426 [2] https://github.com/drwetter/testssl.sh/commit/d1cc7b3755478f302a5f957e2bbcaf17899951fc ** Bug watch added: github.com/drwetter/testssl.sh/issues #426 https://github.com/drwetter/testssl.sh/issues/426 ** Changed in: vsftpd (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1591552 Title: vsftpd vulnerable to heartbleed (according to testssl) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/vsftpd/+bug/1591552/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
