From owner-freebsd-questions@FreeBSD.ORG  Tue Apr  8 12:44:25 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 743733D0
 for <freebsd-questions@freebsd.org>; Tue,  8 Apr 2014 12:44:25 +0000 (UTC)
Received: from dresden.asininetech.com (dresden.asininetech.com
 [IPv6:2600:3c00::f03c:91ff:fedb:7c00])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 48BCA1C76
 for <freebsd-questions@freebsd.org>; Tue,  8 Apr 2014 12:44:25 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by dresden.asininetech.com (Postfix) with ESMTP id A428879389;
 Tue,  8 Apr 2014 12:44:24 +0000 (UTC)
Received: from dresden.asininetech.com ([127.0.0.1])
 by localhost (dresden.asininetech.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id 5aCP_pFUe-Ip; Tue,  8 Apr 2014 12:44:23 +0000 (UTC)
Received: from [IPv6:2001:470:1d:96b:e47e:3ab:aea5:71a8] (unknown
 [IPv6:2001:470:1d:96b:e47e:3ab:aea5:71a8])
 (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by dresden.asininetech.com (Postfix) with ESMTPSA id A11967917B;
 Tue,  8 Apr 2014 12:44:23 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.8.4 dresden.asininetech.com A11967917B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=staticsafe.ca;
 s=2013; t=1396961063;
 bh=ExE9xT0MRDlqlHqsWvQFxHnpRg3H+QPTpeOBRebHJtA=;
 h=Date:From:To:CC:Subject:References:In-Reply-To;
 b=eZESYu+RRhjtsXr31BbbM0gecme18o5ei19Eo5K18h6PWJRje2C+PciHkyPyeOlDY
 /YP5ZudlxhNlrVt0h42RnkQYKapkcolRrCZQZZ5MDf3FoneZXg9wT1UPIeoiTiECsy
 Gu3AH9ypYKfk4PkfNf2W0RlYxNjHcYa3zRp4Lfqo=
Message-ID: <5343EF21.4090702@staticsafe.ca>
Date: Tue, 08 Apr 2014 08:44:17 -0400
From: staticsafe <me@staticsafe.ca>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.4.0
MIME-Version: 1.0
To: =?ISO-8859-1?Q?Matheus_Weber_da_Concei=E7=E3o?=
 <matheuswcon@gmail.com>
Subject: Re: OpenSSL TLS Heartbeat Security Issue
References: <20140408134425.Horde.azH0NUU2X8TUmV9kVtS2MA2@d2ux.org>
 <5343E28E.3070905@staticsafe.ca>
 <CACxFWOfq=9Zedgp-jQFPLSQE0fdnkLZQ=6F4GNi37PB38yTYqg@mail.gmail.com>
In-Reply-To: <CACxFWOfq=9Zedgp-jQFPLSQE0fdnkLZQ=6F4GNi37PB38yTYqg@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Apr 2014 12:44:25 -0000

On 4/8/2014 08:29, Matheus Weber da Conceição wrote:
> # uname -a && openssl version
> FreeBSD labxyz 10.0-RELEASE FreeBSD 10.0-RELEASE #0 r264140: Mon Apr  7
> 11:21:50 BRT 2014     root@labxyz:/usr/obj/usr/src/sys/LABXYZ  amd64
> OpenSSL 1.0.1e-freebsd 11 Feb 2013
> 
> Looks like a vulnerable OpenSSL, or the freebsd version was compiled
> without heartbleed support?
> 

Yep, vulnerable version. OpenSSL is built with heartbeat by default.
-- 
staticsafe