[170760] in North American Network Operators' Group
Re: Fwd: Serious bug in ubiquitous OpenSSL library: "Heartbleed"
daemon@ATHENA.MIT.EDU (Rob Seastrom)
Tue Apr 8 08:29:19 2014
To: Randy Bush <randy@psg.com>
From: Rob Seastrom <rs@seastrom.com>
Date: Tue, 08 Apr 2014 08:28:54 -0400
In-Reply-To: <m2r458kymf.wl%randy@psg.com> (Randy Bush's message of "Tue,
08 Apr 2014 16:35:04 +0800")
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Randy Bush <randy@psg.com> writes:
> you might like (thanks smb, or was it sra)
>
> openssl s_client -connect google\.com:443 -tlsextdebug 2>&1| grep 'server extension "heartbeat" (id=15)' || echo safe

protip: you have to run this from a device that actually is running
1.0.x, i.e. supports the heartbeat extension. your desktop mac
(running 0.9.8y if you're running mavericks and haven't stomped on it
via ports; homebrew is a keg only install) WILL NOT SUFFICE and will
just sit there quietly until the http server times out (60 seconds in
my case) and then echo "safe" even when you're not.

-r
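
An added example, not part of the original message: a three-way verdict that avoids the false "safe" described above by returning "inconclusive" when the local client cannot offer heartbeat or the handshake never completed. The function names, the sample transcripts, and the choice to accept only 1.0.1/1.0.2 clients (the release lines that ship the heartbeat extension) are assumptions of this sketch.

```shell
#!/bin/sh
# classify_heartbeat CLIENT_VERSION S_CLIENT_OUTPUT   (hypothetical helper)
# Prints one of: inconclusive, heartbeat-advertised, no-heartbeat
classify_heartbeat() {
    # Assumption: only OpenSSL 1.0.1 and 1.0.2 clients offer the heartbeat
    # extension, so any other client cannot see the server echo it back.
    case $1 in
        "OpenSSL 1.0.1"*|"OpenSSL 1.0.2"*) ;;
        *) echo inconclusive; return 0 ;;
    esac
    # Heuristic: without a "Server certificate" block the handshake did not
    # finish, so a missing heartbeat line proves nothing.
    case $2 in
        *"Server certificate"*) ;;
        *) echo inconclusive; return 0 ;;
    esac
    case $2 in
        *'server extension "heartbeat" (id=15)'*) echo heartbeat-advertised ;;
        *) echo no-heartbeat ;;
    esac
}

# Live wrapper: </dev/null ends the session once the handshake is done
# instead of waiting for the server to time out.
check_host() {
    classify_heartbeat "$(openssl version)" \
        "$(openssl s_client -connect "$1" -tlsextdebug </dev/null 2>&1)"
}

# Constructed, abridged s_client transcripts (not captured from a real server).
WITH_HB='CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
TLS server extension "heartbeat" (id=15), len=1
---
Server certificate
subject=/CN=example.test'
WITHOUT_HB='CONNECTED(00000003)
TLS server extension "renegotiation info" (id=65281), len=1
---
Server certificate
subject=/CN=example.test'
FAILED='connect: Connection refused
connect:errno=61'

classify_heartbeat "OpenSSL 1.0.1f 6 Jan 2014" "$WITH_HB"
classify_heartbeat "OpenSSL 0.9.8y 5 Feb 2013" "$WITHOUT_HB"
classify_heartbeat "OpenSSL 1.0.1f 6 Jan 2014" "$FAILED"
```

Against a live host, call check_host with a host:port argument; "no-heartbeat" only means the extension was not advertised to this client.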