Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

• Previous message (by thread): Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
• Next message (by thread): Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Randy Bush <randy at psg.com> writes:

> you might like (thanks smb, or was it sra)
>
> openssl s_client -connect google\.com:443  -tlsextdebug 2>&1| grep 'server extension "heartbeat" (id=15)' || echo safe

protip: you have to run this from a device that actually is running
1.0.x, i.e. supports the heartbeat extension.  your desktop mac
(running 0.9.8y if you're running mavericks and haven't stomped on it
via ports; homebrew is a keg only install) WILL NOT SUFFICE and will
just sit there quietly until the http server times out (60 seconds in
my case) and then echo "safe" even when you're not.

-r

• Previous message (by thread): Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
• Next message (by thread): Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]