Ping a Specific Port

Question

Eduard Florinescu

Asked: 2014-04-10 00:57:49 +0800 CST2014-04-10 00:57:49 +0800 CST 2014-04-10 00:57:49 +0800 CST

How can I check if my embedded Linux's SSL is not affected by heartbleed, without relying on the version number?

772

There are a lot of embedded Linux device that are built on Linux, that are used exactly for security purposes, like gateways, if I check OpenSSL I get:

openssl version -a

gets -»

OpenSSL 1.0.0k 5 Feb 2013

But this maybe patched or merged and I don't have access to the sources, how can I check that my system is not vulnerable without relying on openssl version -a

2 Answers

Voted

neutrinus · Answer 1 · 2014-04-10T01:18:09+08:00

Best Answer

neutrinus

2014-04-10T01:18:09+08:002014-04-10T01:18:09+08:00

There is a perl script that allows you to check our own services. There are also online tools. One more.

3

MichelZ · Answer 2 · 2014-04-10T01:36:03+08:00

MichelZ

2014-04-10T01:36:03+08:002014-04-10T01:36:03+08:00

Qualys SSL Labs has a very good SSL Test, which features Heartbleed tests as well, and generally servers as a good point in testing your own SSL Infrastructure for stuff like Forward Secrecy, BEAST Attacks, weak protocols and whatnot. And it's free.

https://www.ssllabs.com/ssltest/

1

How can I check if my embedded Linux's SSL is not affected by heartbleed, without relying on the version number?

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?