Re: Finding Servers Using OpenSSL SSL/TLS

[Cheryl O'Dell <cherylo () UNL EDU>]

Ben,

We used NMAP to quickly find all of our susceptible server  (script we got from the SANS webcast a couple of nights 
ago) and are reaching out to system owners to tell them to patch/restart/new SSL certs.

Cheryl O


Cheryl O'Dell, CISSP
Sr. Information Security Analyst
University of Nebraska/Lincoln
126 501 Building, 68588-0203
(402) 472-7851  
cherylo () unl edu

Information Technology Services
Reliable. Resourceful. Relevant.



> On Fri, Apr 11, 2014 at 11:33 AM, Pratt, Benjamin E.
> <bepratt () stcloudstate edu> wrote:
> > Good morning everyone.
> >
> > The question:
> >
> > What would be the best option for determining remotely whether a server utilizes OpenSSL SSL/TLS for encrypting 
> > https traffic?
> >
> > The background:
> >
> > I'm hoping the list can provide a little assistance in dealing with the aftermath of the Heartbleed vulnerability.
> >
> > The good news is a scan of our campus network indicates that we are nearly fully patched. The bad news is that not 
> > all of the https servers utilizing OpenSSL SSL/TLS are centrally controlled. This means that we don't know which 
> > servers were patched before our first scan and therefore where all of the servers that were vulnerable, over the 
> > past two years, are located.
> >
> > I am attempting to put together options that include changing out SSL certificates and notifying users of previously 
> > vulnerable systems to update passwords. If I am able to provide more specific information about the scope of our 
> > endeavor it would certainly be an added value.
> >
> > Thank you,
> >
> > Ben
> >
> > --
> >
> > Benjamin Pratt
> > St. Cloud State University