sfjcpu
asked on
Barracuda SSLVPN Heartbleed Vulnerability
Does anyone have documentation that states that this device is NOT vulnerable. Barracuda support told me it was not. When I asked for documentation, they sent a "chat" conversation where they said it was not vulnerable. The model number is 180.
Thanks in advance!
Thanks in advance!
Use this popular site to test your SSLVPN appliance: http://filippo.io/Heartbleed/
I tested ours and found it was not vulnerable. Which means Barracuda does not use OpenSSL, I suppose.
I tested ours and found it was not vulnerable. Which means Barracuda does not use OpenSSL, I suppose.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I did run the SSLLABs on our Barracuda SSLVPN as well. That was also negative.
did it specify which engine responded, carlo?
a lot of ssl vpn engines use tomcat (aka coyote) which uses java crypto libraries, not openssl.
a lot of ssl vpn engines use tomcat (aka coyote) which uses java crypto libraries, not openssl.
https://www.ssllabs.com/ss
And you might want to consider installing one of the firefox or chrome plugins that give realtime display of the "heartbleed" bug whenever you visit a secure server.