[afnog] Time to update openssl

Frankosiligi Solomon franco.noc at gmail.com
Thu Apr 10 09:45:55 UTC 2014


Or otherwise,

Rely on checking your OpenSSL version directly and if falls under

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

OpenSSL 1.0.1g is NOT vulnerable

OpenSSL 1.0.0 branch is NOT vulnerable

OpenSSL 0.9.8 branch is NOT vulnerable


On Thu, Apr 10, 2014 at 11:47 AM, Lomayani S. Laizer <lomlaizer at gmail.com>wrote:

> Yes i agree. With the site https://www.ssllabs.com also report the
> servers are ok after upgrade
>
>
> --
> Lomayani
>
>
> On Thu, Apr 10, 2014 at 11:13 AM, Hugo Lombard <hal at elizium.za.net> wrote:
>
>> On Thu, Apr 10, 2014 at 10:36:32AM +0300, Lomayani S. Laizer wrote:
>> > I tried the site and command test on same servers and they give
>> different
>> > results. site report the server is ok but command test says the server
>> is
>> > affected. which one to trust?
>> >
>>
>> The command below will give false positives if the site supports
>> hearbeats.
>>
>> > >         The following should work as well:
>> > >
>> > >         openssl s_client -connect google\.com:443  -tlsextdebug 2>&1|
>> grep
>> > > 'server extension "heartbeat" (id=15)' || echo safe
>> > >
>>
>> --
>> Hugo Lombard
>>    .___.
>>    (o,o)
>>    /)  )
>>  ---"-"---
>>
>
>
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog
>



-- 

Frankosiligi Solomon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20140410/c39f01a5/attachment-0001.html>


More information about the afnog mailing list