[Ach] 'Heartbleed' and OpenVPN

L. Aaron Kaplan aaron at lo-res.org
Fri Apr 11 12:12:25 CEST 2014


On Apr 8, 2014, at 12:15 PM, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:

> On 08.04.2014, at 12:07, René Pfeiffer <lynx at luchs.at> wrote:
>> 'Heartbleed' bug
> 
> Don't know enough about it yet, but testing tools of mixed quality are popping up:
> 
> Both can only test implicit SSL/TLS but not STARTTLS
> 
> For publicly reachable services (443, 465, 993, 995)
> http://filippo.io/Heartbleed/
> 
> Also for private services
> http://s3.jspenguin.org/ssltest.py
> 

Be careful with that script. It produces false negatives.

> Best regards
> Pepi
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140411/816f93af/attachment.sig>


More information about the Ach mailing list