Folks, I understand clearly enough that determining your vulnerability to Heartbleed is actually pretty straight forward, i.e. do you have and did you compile with the affect OpenSSL lib's.
However I have a few circumstances where I'd like to be able to specifically confirm or deny the bleed. I've tried taking some of the openssl s_connect variations on a theme to check a running instance of ovpn (with tls-auth disabled - just for test) but all of these tools are based upon the interaction with a TCP sockets on a WWW/Proxy server. For example I've taken this article. https://blog.ipredator.se/2014/04/how-to-test-if-your-openssl-heartbleeds.html which let's you very visibly verify if you have the issue. However I've tried this technique against OVPN running both TCP and UDP (using the -dtls1 switch on s_connect) however the negotiation of the connections never seem to reveal the same amount of SSL / TLS information that these techniques do when pointed to a web server. Any idea's on how one might be able to test specifically against a running openvpn binary. Thanks Colin ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
