Heartbleed icon indicating copy to clipboard operation
Heartbleed copied to clipboard

Published 20 hours ago verified publisher icon FiloSottile

Broken pipe output shows for a website which doesn't accept Heartbit

Open ankit249 opened this issue 10 years ago • 3 comments

Hi Fillipo,

Your program gives following output for this website.

$$ > bin/Heartbleed myprint-online.com:443 2014/04/11 23:36:42 myprint-online.com:443 - ERROR: write tcp 70.91.223.11:443: broken pipe

Whereas when i send the heartbit thru openssl it says the server cannot accept heartbit connection.

$ openssl s_client -connect myprint-online.com:443

New, TLSv1/SSLv3, Cipher is AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : AES128-SHA Session-ID: 29090000B3F468F2377A97B3837AA15E1EB19F581C67103CDA7C764190B9ECA1 Session-ID-ctx: Master-Key: 1329CF7427D367D3D8A9DA107B0EB5696A7C635E4C2B7CE84E857BB74C72CFDB5FDC38591392F0B2E8A22455D282BD70 Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1397259160 Timeout : 300 (sec)

Verify return code: 0 (ok)

B HEARTBEATING 139922322958152:error:1413B16D:SSL routines:SSL_F_TLS1_HEARTBEAT:peer does not accept heartbearts:t1_lib.c:2574:

ankit249 avatar Apr 11 '14 23:04 ankit249

Your site is running Microsoft IIS and therefore is not vulnerable to an OpenSSL bug. I will submit a PR to update the README with a link to the FAQ which explains this.

yakatz avatar Apr 13 '14 14:04 yakatz

Hi Yehuda,

Thanks for your response. Is it proven or documented somewhere that all versions of latest IIS running on every possible Windows OS is not vulnerable to Heartbleed?

Also are you giving broken pipe error because of no openssl present on that server? On Apr 13, 2014 7:15 AM, "Yehuda Katz" [email protected] wrote:

Your site is running Microsoft IIS and therefore is not vulnerable to an OpenSSL bug. I will submit a PR to update the README with a link to the FAQ which explains this.

Reply to this email directly or view it on GitHubhttps://github.com/FiloSottile/Heartbleed/issues/63#issuecomment-40308517 .

ankit249 avatar Apr 13 '14 15:04 ankit249

No version of IIS uses OpenSSL (http://blogs.technet.com/b/erezs_iis_blog/archive/2014/04/09/information-about-heartbleed-and-iis.aspx).

The broken pipe error is just a side effect of the IIS implementation of SSL.

yakatz avatar Apr 13 '14 20:04 yakatz