search

FiloSottile / Heartbleed

A checker (site and tool) for CVE-2014-0160
http://filippo.io/Heartbleed
MIT License
2.31k stars 465 forks source link

test ssh? #40

Closed bronze1man closed 10 years ago

bronze1man commented 10 years ago

If I use this to test ssh,it will return Uh-oh, something went wrong: tls: first record does not look like a TLS handshake

yakatz commented 10 years ago

SSH does not use the TLS extension of OpenSSL. Your keys could have been compromised through other vectors (like https or smtp) but SSH itself is not vulnerable. (SSH may use OpenSSL to generate keys, but it still should not be a problem.

ylluminate commented 10 years ago

So I have this as well on a cPanel server with CentOS 6.5 and it would seem to reason that if there is no TLS extension then we're safe. Is that correct?

bronze1man commented 10 years ago

thanks.

ylluminate commented 10 years ago

FYI, this is from the patch that cPanel already implemented and some others. Essentially they disable the TLS heartbeat and eliminate this from being a problem. A patch will come out soon to actually fix it, but for now we're safe if that happens.