How can I check if my embedded Linux's SSL is not affected by heartbleed, without relying on the version number?

Question

There are a lot of embedded Linux device that are built on Linux, that are used exactly for security purposes, like gateways, if I check OpenSSL I get:

openssl version -a

gets -»

OpenSSL 1.0.0k 5 Feb 2013

But this maybe patched or merged and I don't have access to the sources, how can I check that my system is not vulnerable without relying on openssl version -a

score 3 · Accepted Answer · answered Apr 09 '14 at 09:18

3

There is a perl script that allows you to check our own services. There are also online tools. One more.

answered Apr 09 '14 at 09:18

neutrinus

1,155

score 1 · Answer 2 · answered Apr 09 '14 at 09:36

Qualys SSL Labs has a very good SSL Test, which features Heartbleed tests as well, and generally servers as a good point in testing your own SSL Infrastructure for stuff like Forward Secrecy, BEAST Attacks, weak protocols and whatnot. And it's free.

https://www.ssllabs.com/ssltest/

How can I check if my embedded Linux's SSL is not affected by heartbleed, without relying on the version number?

2 Answers2