Educause Security Discussion mailing list archives

Re: Finding Servers Using OpenSSL SSL/TLS


From: Paul Hanson <paulh () HAAS BERKELEY EDU>
Date: Fri, 11 Apr 2014 17:05:27 +0000

I found the following link [0] to be helpful if electing for a proactive approach.  The following command will perform 
a basic scan on TCP443.

nmap -sS --script=ssl-heartbleed.nse -p T:443 -Pn -n -iL ListOfNetworks.txt

[0] http://rollingwebsphere.blogspot.com/2014/04/scanning-for-heartbleed-with-nmap.html

Paul 
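
As an added illustration (not code from Paul's post, the linked article, or nmap itself), here is a small POSIX shell helper that turns the normal-format output of the nmap command above into a list of hosts the ssl-heartbleed script flagged, which is the scope data Ben asked for. The scan text is constructed for the example, and the "State: VULNERABLE" layout of the script output is assumed from nmap's usual formatting.

```shell
#!/bin/sh
# Constructed sample in the shape of nmap normal (-oN) output for a
# --script=ssl-heartbleed scan of three hosts; not real scan data.
SAMPLE_SCAN='Nmap scan report for 192.0.2.10
Host is up (0.0010s latency).

PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in OpenSSL.
|     State: VULNERABLE
|     Risk factor: High

Nmap scan report for web.example.edu (192.0.2.20)
Host is up (0.0020s latency).

PORT    STATE SERVICE
443/tcp open  https

Nmap scan report for 192.0.2.30
Host is up.

PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|     State: VULNERABLE
|     Risk factor: High
'

# Read nmap normal output on stdin and print "address port" for every
# host/port where ssl-heartbleed reported State: VULNERABLE.  The address
# is taken from the parenthesised IP when nmap printed a hostname
# (e.g. "web.example.edu (192.0.2.20)"), otherwise from the bare address.
heartbleed_hits() {
    awk '
        /^Nmap scan report for / {
            addr = (NF >= 6) ? substr($6, 2, length($6) - 2) : $5
            port = ""
        }
        /^[0-9]+\/tcp +open/ { split($1, a, "/"); port = a[1] }
        /State: VULNERABLE/  { print addr, port }
    '
}

# Typical use after saving the scan from Paul'"'"'s command with -oN scan.txt:
#   heartbleed_hits < scan.txt
printf '%s' "$SAMPLE_SCAN" | heartbleed_hits
```

The resulting list is the set of systems that still needed patching at scan time; hosts patched before the first scan will not appear, which is exactly the gap Ben describes.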

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Pratt, Benjamin E.
Sent: Friday, April 11, 2014 8:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Finding Servers Using OpenSSL SSL/TLS

Good morning everyone.

The question:

What would be the best option for determining remotely whether a server utilizes OpenSSL SSL/TLS for encrypting https 
traffic?

The background:

I'm hoping the list can provide a little assistance in dealing with the aftermath of the Heartbleed vulnerability.

The good news is a scan of our campus network indicates that we are nearly fully patched. The bad news is that not all 
of the https servers utilizing OpenSSL SSL/TLS are centrally controlled. This means that we don't know which servers 
were patched before our first scan and therefore where all of the servers that were vulnerable, over the past two 
years, are located.

I am attempting to put together options that include changing out SSL certificates and notifying users of previously 
vulnerable systems to update passwords. If I am able to provide more specific information about the scope of our 
endeavor it would certainly be an added value.

Thank you,

Ben

--

Benjamin Pratt
St. Cloud State University

