1

There are a lot of embedded Linux device that are built on Linux, that are used exactly for security purposes, like gateways, if I check OpenSSL I get:

openssl version -a

gets -»

OpenSSL 1.0.0k 5 Feb 2013

But this maybe patched or merged and I don't have access to the sources, how can I check that my system is not vulnerable without relying on openssl version -a

MadHatter
  • 78,442
  • 20
  • 178
  • 229
Eduard Florinescu
  • 831
  • 5
  • 24
  • 39
  • SSH is not affected, if you mean SSL, there is a topic with 5 answers which explains how to check it. – NickW Apr 09 '14 at 09:00
  • @NickW SSH doesn't use SSL, still there could be issues with `https` and VPNs? – Eduard Florinescu Apr 09 '14 at 09:01
  • possible duplicate of [Heartbleed: are services other than HTTPS affected?](http://serverfault.com/questions/587433/heartbleed-are-services-other-than-https-affected) – Jacob Apr 09 '14 at 09:02
  • @Jacob Please read the body, I want to know how if its affected without relying on the version number... – Eduard Florinescu Apr 09 '14 at 09:04
  • You might also want to check this: http://serverfault.com/questions/587324/heartbleed-how-to-reliably-and-portably-check-the-openssl-version – Eduard Florinescu Apr 10 '14 at 05:34

2 Answers2

3

There is a perl script that allows you to check our own services. There are also online tools. One more.

neutrinus
  • 1,095
  • 7
  • 18
1

Qualys SSL Labs has a very good SSL Test, which features Heartbleed tests as well, and generally servers as a good point in testing your own SSL Infrastructure for stuff like Forward Secrecy, BEAST Attacks, weak protocols and whatnot. And it's free.

https://www.ssllabs.com/ssltest/

MichelZ
  • 11,008
  • 4
  • 30
  • 58