search

FiloSottile / Heartbleed

A checker (site and tool) for CVE-2014-0160
http://filippo.io/Heartbleed
MIT License
2.31k stars 463 forks source link

Need support for STARTTLS for more SSL/TLS tests #14

Closed ydroneaud closed 10 years ago

ydroneaud commented 10 years ago

Without support for STARTTLS it's not possible to test for protocol such as SMTP, POP3, IMAP, FTP, etc. which might be able to do SSL/TLS after an initial cleartext negociation, depending on the server.

For example, openssl s_client support:

-starttls prot - use the STARTTLS command before starting TLS for those protocols that support it, where 'prot' defines which one to assume. Currently, only "smtp", "pop3", "imap", "ftp" and "xmpp" are supported.

sreimers commented 10 years ago

+1

atnpgo commented 10 years ago

+1

FiloSottile commented 10 years ago

Closed by #33

ran21man commented 10 years ago

Dear FiloSottile,

I followed your simple instructions, "Enter a URL or a hostname to test the server for CVE-2014-0160"

after typing in the URL or Host Name and I press GO it starts because you can see the blue line at the top of the screen build, but when it gets to the end it seems like it just stops or slows to a dead stop, not quite finished but there is no activity. So I ran it a few times checking the Website (URL) that I wanted to check, but no returns, no answers, nothing? Why is this happening and Please is there another way for me to check. Please help or am I doing something wrong?

Respectfully, Randy