[tor-relays] Shutting down middle relays (off-topic)

andreas at reichster.de andreas at reichster.de
Mon Jun 23 12:28:17 UTC 2014


And I completely ignored that this is just testing for Heartbleed and 
not the latest OpenSSL CVE.

So just ignore my previous mail :)

But you could check against different ports with the Tripwire Python 
script [1] to check if it's a web-server issue or not.
I just ran it against my ORPort and it reported 'rejected early CCS'.


[1] http://www.tripwire.com/state-of-security/incident-detection/detection-script-for-cve-2014-0224-openssl-cipher-change-spec-injection/

On 23.06.2014 09:32, andreas at reichster.de wrote:
> Not exactly a direct OpenSSL test, but you could check your specific
> OR-Port (or any other port you want to check) and see if it's a
> web-server related problem or not.
> 
> I find this site quite useful:
> https://filippo.io/Heartbleed/
> 
> If you are checking your OR-Port, tick the: "Advanced (might cause false
> results): ignore certificates"
> 
> 
> On 22.06.2014 21:24, Tora Tora Tora wrote:
>> Yes, both Qualys and Tripwire tests are testing a web server's HTTPS port.
>> 
>> Yes, I do run mod_pagespeed on the web server. Alas, I get the same
>> result when I disable it and restart Apache. It is however an
>> interesting direction to investigate, since now I am thinking of
>> examining other modules as well, such as mod_ssl, etc.
>> 
>> Does anyone know of a test to run against OpenSSL directly to confirm it
>> is patched (I do not mean checking the change log)?
>> 
>> Thanks...
>> 
>> On 06/22/2014 03:52 AM, Andreas Reich wrote:
>>> At least the Qualys online test is only testing port 443 - could it be
>>> that you run your web-server on this port?
>>> If you run your web-server with e.g. mod-spdy you also have to update
>>> mod-spdy because it is built with its own OpenSSL.
>>> 
>>> This was a problem on my server too (not Fedora or CentOS though)
>>> 
>>> Regards
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

