Heartbleed was a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. After auditing, I was told that one of our servers has the problem with OpenSSL. The solution is either to upgrade to version 1.0.1g or later or to recompile with '-DOPENSSL_NO_HEARTBEATS'.

  • SUBROUTINES

Crypt::SSLeay::Version - Obtain OpenSSL version information

Exposes information provided by SSLeay_version.

By default, the module exports nothing. You can ask for each subroutine below to be exported to your namespace.

openssl_built_on

The date of the build process in the form 'built on: ...' if available or 'built on: date not available' otherwise.

openssl_cflags

The compiler flags set for the compilation process in the form 'compiler: ...' if available or 'compiler: information not available' otherwise.

openssl_dir

The OPENSSLDIR setting of the library build in the form 'OPENSSLDIR: ...' if available or 'OPENSSLDIR: N/A' otherwise.

openssl_platform

The 'Configure' target of the library build in the form 'platform: ...' if available or 'platform: information not available' otherwise.

openssl_version

The version of the OpenSSL library including the release date.

openssl_version_number

The value of the OPENSSL_VERSION_NUMBER macro as an unsigned integer. This value is more like a string, as version information is packed into specific nibbles; see crypto/opensslv.h in the OpenSSL source and OpenSSL::Versions (https://metacpan.org/pod/OpenSSL::Versions) for an explanation.
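The remediation stated at the top of the page (1.0.1g or later, or a build with '-DOPENSSL_NO_HEARTBEATS') can be checked from the values returned by openssl_version_number and openssl_cflags. The following is an added example, not code from the module or its author; the helper names decode_version and heartbleed_status and the sample values are constructed for illustration, and the check covers only the 1.0.1 release line.

```perl
use strict;
use warnings;

# OPENSSL_VERSION_NUMBER layout (OpenSSL 1.0.x, crypto/opensslv.h): 0xMNNFFPPS
# M = major, NN = minor, FF = fix, PP = patch letter (0 none, 1 = a ...), S = status.
sub decode_version {
    my ($n) = @_;
    my %v = (
        major => ($n >> 28) & 0xF,
        minor => ($n >> 20) & 0xFF,
        fix   => ($n >> 12) & 0xFF,
        patch => ($n >> 4)  & 0xFF,
    );
    my $letter = $v{patch} ? chr(ord('a') + $v{patch} - 1) : '';
    $v{string} = "$v{major}.$v{minor}.$v{fix}$letter";
    return \%v;
}

# Triage for the 1.0.1 release line only: 1.0.1 through 1.0.1f carry the bug,
# 1.0.1g (patch 7) or a -DOPENSSL_NO_HEARTBEATS build does not.
sub heartbleed_status {
    my ($number, $cflags) = @_;
    my $v = decode_version($number);
    my $affected = $v->{major} == 1 && $v->{minor} == 0
                && $v->{fix} == 1 && $v->{patch} < 7;
    return "$v->{string}: outside 1.0.1-1.0.1f" unless $affected;
    return "$v->{string}: heartbeats compiled out"
        if $cflags =~ /-DOPENSSL_NO_HEARTBEATS\b/;
    return "$v->{string}: affected, build flags unknown"
        if $cflags =~ /information not available/;
    return "$v->{string}: affected, upgrade or rebuild";
}

# Constructed sample values (not taken from a real host).
my @samples = (
    [ 0x1000105f, 'compiler: gcc -DOPENSSL_THREADS -O2' ],
    [ 0x1000105f, 'compiler: gcc -DOPENSSL_THREADS -DOPENSSL_NO_HEARTBEATS -O2' ],
    [ 0x1000106f, 'compiler: information not available' ],
    [ 0x1000107f, 'compiler: gcc -DOPENSSL_THREADS -O2' ],
    [ 0x0090818f, 'compiler: gcc -O2' ],
);
print heartbleed_status(@$_), "\n" for @samples;

# On a live system, feed in the module's own values instead:
#   use Crypt::SSLeay::Version qw(openssl_version_number openssl_cflags);
#   print heartbleed_status(openssl_version_number(), openssl_cflags()), "\n";
```

The result describes the OpenSSL library that Crypt::SSLeay is linked against, which is not necessarily the copy used by other services on the same host.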

A. Sinan Unur <[email protected]>

Copyright (C) 2014 A. Sinan Unur.

This program is free software; you can redistribute it and/or modify it under the terms of Artistic License 2.0.


Applicable Products

  • Citrix ADC

Symptoms or Error

If you are optimizing traffic on a multi tenant server network with numerous VLANs, while isolating management traffic you might encounter a problem where heartbeat packets are not visible on all interfaces.

This is common on NetScaler high availability pairs using Link Aggregation on ether-channel switch ports (in this example Cisco Switches). The following demonstrates this issue:

In most situations the heartbeat packets stop because of a VLAN tagging mismatch on the switch. Review the following article for additional information: CTX109843 - How to Configure a NetScaler Appliance Using Link Aggregation to Connect Pairs of Interfaces to the Cisco Switches

Solution

The NetScaler IP is by default on native VLAN 1 (NSVLAN). This is important because the heartbeat traffic will be tagged with VLAN 1 on configured tagged interfaces. You will need to do one of the following:

  • Make NSVLAN the native VLAN on the switch side for the interface(s) specified on 'Interfaces on which heartbeats are not seen'. With this configuration the untagged HA traffic will be allowed and not dropped by the switch.
  • Make sure the NSVLAN is tagged and allow this VLAN on the switch side for the interface(s) specified on 'Interfaces on which heartbeats are not seen'. With this configuration the tagged HA traffic will be allowed and not dropped by the switch. (Review whether the interface configuration needs the -tagall option.)

Note: Refer to CTX123172 for additional details on how to configure NSVLAN. Refer to CTX122921 for NSVLAN/VLAN configuration examples.

Important: After committing the preceding actions, you need to remove and recreate the HA pair.

Additional Resources

CTX109013 - Troubleshooting NetScaler High Availability (HA) Issues
CTX122921 - NetScaler Interface Tagging and Flow of High Availability Packets Examples
