Test if you are vulnerable
You can test if you are vulnerable by requesting a heartbeat response with a large response. If the server replies your SSL service is probably vulnerable. You can use any of the tests below:
- http://filippo.io/Heartbleed/ : a web based test
- http://s3.jspenguin.org/ssltest.py : a python script to test for the vulnerability from the command line. If you want to scan multiple sites you can use a modified version with easily parseable output.
- If you use Chrome you can install the Chromebleed checker that alerts you when visiting a vulnerable site.
This vulnerability only applies to OpenSSL versions 1.0.1-1.0.1f. Other SSL libraries, such as PolarSSL, are not…
View original post 620 more words