On Tue, Apr 8, 2014 at 4:35 AM, Randy Bush <ra...@psg.com> wrote: >> I'm really surprised no one has mentioned this here yet... > > we're all to damned busy updating and generating keys > > you might like (thanks smb, or was it sra) > > openssl s_client -connect google\.com:443 -tlsextdebug 2>&1| grep 'server > extension "heartbeat" (id=15)' || echo safe
That just tells you whether the heartbeat extension is supported. Google servers are not vulnerable to this attack. - Max
