[afnog] Time to update openssl
Frankosiligi Solomon
franco.noc at gmail.com
Thu Apr 10 09:45:55 UTC 2014
Or otherwise,
Rely on checking your OpenSSL version directly and if falls under
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
On Thu, Apr 10, 2014 at 11:47 AM, Lomayani S. Laizer <lomlaizer at gmail.com>wrote:
> Yes i agree. With the site https://www.ssllabs.com also report the
> servers are ok after upgrade
>
>
> --
> Lomayani
>
>
> On Thu, Apr 10, 2014 at 11:13 AM, Hugo Lombard <hal at elizium.za.net> wrote:
>
>> On Thu, Apr 10, 2014 at 10:36:32AM +0300, Lomayani S. Laizer wrote:
>> > I tried the site and command test on same servers and they give
>> different
>> > results. site report the server is ok but command test says the server
>> is
>> > affected. which one to trust?
>> >
>>
>> The command below will give false positives if the site supports
>> hearbeats.
>>
>> > > The following should work as well:
>> > >
>> > > openssl s_client -connect google\.com:443 -tlsextdebug 2>&1|
>> grep
>> > > 'server extension "heartbeat" (id=15)' || echo safe
>> > >
>>
>> --
>> Hugo Lombard
>> .___.
>> (o,o)
>> /) )
>> ---"-"---
>>
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>
--
Frankosiligi Solomon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20140410/c39f01a5/attachment-0001.html>
More information about the afnog
mailing list