OpenSSL leaks server-Keys / The Heartbleed Bug

lazy.dogtown · 2014-04-08T18:49:06+00:00

Hello! On Mon, Apr 7, 2014 at 7:48 AM, Jai wrote: > The trouble started when I started using keepalive handler. I have to add a > custom protocol hea...

OpenSSL leaks server-Keys / The Heartbleed Bug

lazy.dogtown

A missing bounds check in the handling of the TLS heartbeat extension
can be used to reveal up to 64k of memory to a connected client or
server.


https://www.openssl.org/news/secadv_20140407.txt
http://heartbleed.com/
http://www.reddit.com/r/netsec/comments/22gym6/diagnosis_of_the_openssl_heartbleed_bug/
http://security.stackexchange.com/search?q=heartbleed


regards,


mex

lazy.dogtown

fyi, if you want to test your servers:

https://www.mare-system.de/tools/heartbleeding/
cli-tool: https://gist.github.com/sh1n0b1/10100394


regards,


mex

2014-04-08 12:49 GMT+02:00 mex <lazy....@gmail.com>:
> A missing bounds check in the handling of the TLS heartbeat extension
> can be used to reveal up to 64k of memory to a connected client or
> server.
>
>
> https://www.openssl.org/news/secadv_20140407.txt
> http://heartbleed.com/
> http://www.reddit.com/r/netsec/comments/22gym6/diagnosis_of_the_openssl_heartbleed_bug/
> http://security.stackexchange.com/search?q=heartbleed
>
>
> regards,
>
>
> mex