25 Apr
2014
25 Apr
'14
7:47 a.m.
Op 25 apr. 2014 09:41 schreef "David C. Rankin" < drankinatty@suddenlinkmail.com> het volgende:
Guys,
I was testing my boxes after updating to openssl 1.0.1.g-1 with
heartbleed.c
and I am still able to grab and decrypt ssl packets. The openssl security note says 1.0.1.g is not effected by the bug, but I can still get a 64k chuck of data back from my server using the heartbleed.c test. (if I'm reading the output correctly) Am I may be doing something wrong? It is worth asking to be sure.
Probably a stupid question, but you did restart the affected daemons (or system) after the update? Otherwise, they'll be using the old lib. mvg, Guus