Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.security > #493
| From | William Unruh <unruh@invalid.ca> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: heardbleed bug and openssl |
| Date | 2014-04-14 21:18 +0000 |
| Organization | A noiseless patient Spider |
| Message-ID | <lihjbc$p8l$1@dont-email.me> (permalink) |
| References | <003ee7a0-e43e-491c-935a-d8f67cbe8f15@googlegroups.com> <2bd15321-3344-4d97-ab58-784b410ea490@googlegroups.com> <dhit1bxfn.ln2@goaway.wombat.san-francisco.ca.us> <lihadn$lg1$1@dont-email.me> <pgpt1bxvg2.ln2@goaway.wombat.san-francisco.ca.us> |
On 2014-04-14, Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> wrote: > On 2014-04-14, William Unruh <unruh@invalid.ca> wrote: >>> >>> https://filippo.io/Heartbleed/ >>> >>> Or you can download source code and test your services yourself: >>> >>> https://github.com/FiloSottile/Heartbleed >>> >>> I don't currently know a way of testing libraries client-side. >> >> But if your browser does not listen on 443, this will not work even if >> your ssl library is bad. > > Of course, which is exactly why I specifically wrote "I don't currently > know a way of testing libraries client-side". Those are NOT client side, those are server side. Imap server, pop server, http server are all servers. Now if your server does not listen on 443 then you might say that it is safe anyway, except you could have opened some other port for https Also your server could server other ssl reliant stuff and the test will not find them. > >> And if you have no browser, but have say imap >> running it also will not tell you that ssl is bad. > > Actually, it can test any listener. If you point the filippo tester to > Gmail's imaps server it passes. Yes, if you happen to know the ports. Ie, it will test gmail's imap server on port 443. But that is not what imap listens to. You can tell it to test the approriate port, but most people have no idea what that is. So if you point that site to gmail's imap server, but use the default port 443, that may tell you that the site is OK but that will be pretty useless. (actually it will probably more helpfully tell you that the server does not respond on port 443. But then even valid servers often do not respond to port 443 when they are busy.) > > --keith >
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
heardbleed bug and openssl Steve Wolf <stevwolf58@gmail.com> - 2014-04-14 07:48 -0700
Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 07:55 -0700
Re: heardbleed bug and openssl Jim Beard <jdbeard@patriot.net> - 2014-04-14 15:05 +0000
Re: heardbleed bug and openssl Aragorn <thorongil@telenet.be.invalid> - 2014-04-14 17:58 +0200
Re: heardbleed bug and openssl Steve Wolf <stevwolf58@gmail.com> - 2014-04-14 08:48 -0700
Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 10:29 -0700
Re: heardbleed bug and openssl colinmarr0@gmail.com - 2014-04-14 10:48 -0700
Re: heardbleed bug and openssl "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2014-04-14 14:08 -0400
Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 18:47 +0000
Re: heardbleed bug and openssl Joe Beanfish <joebeanfish@nospam.duh> - 2014-04-15 13:36 +0000
Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 18:46 +0000
Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 12:28 -0700
Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 21:18 +0000
Re: heardbleed bug and openssl Keith Keller <kkeller-usenet@wombat.san-francisco.ca.us> - 2014-04-14 14:48 -0700
Re: heardbleed bug and openssl Jim Beard <jdbeard@patriot.net> - 2014-04-15 01:44 +0000
Re: heardbleed bug and openssl William Unruh <unruh@invalid.ca> - 2014-04-14 17:10 +0000
Re: heardbleed bug and openssl "Trevor Hemsley" <Trevor.Hemsley@mytrousers.ntlworld.com> - 2014-04-15 05:38 -0500
csiph-web