Heartbleed was a security bug in the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance was running as a TLS server or client. After auditing, I was told that one of our servers has the problem with OpenSSL. The solution is either to upgrade to version 1.0.1g or later, or to recompile with '-DOPENSSL_NO_HEARTBEATS'.
Crypt::SSLeay::Version - Obtain OpenSSL version information
Exposes information provided by SSLeay_version.
By default, the module exports nothing. You can ask for each subroutine below to be exported to your namespace.
The date of the build process in the form 'built on: ...' if available or 'built on: date not available' otherwise.
The compiler flags set for the compilation process in the form 'compiler: ...' if available or 'compiler: information not available' otherwise.
OPENSSLDIR setting of the library build in the form 'OPENSSLDIR: ...' if available or 'OPENSSLDIR: N/A' otherwise.
The 'Configure' target of the library build in the form 'platform: ...' if available or 'platform: information not available' otherwise.
The version of the OpenSSL library including the release date.
The value of the OPENSSL_VERSION_NUMBER macro as an unsigned integer. This value is more like a string, as version information is packed into specific nibbles; see crypto/opensslv.h in the OpenSSL source and OpenSSL::Versions (https://metacpan.org/pod/OpenSSL::Versions) for an explanation.
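The packed version number can be decoded and checked against the fix named at the top of this page (1.0.1g or later, or a build with -DOPENSSL_NO_HEARTBEATS). The following is an added example, not code from the module or its author; the function names `decode_version` and `heartbleed_status` and the sample inputs are constructed for illustration, and the 0xMNNFFPPS layout is assumed to be the one used by the 0.9.5 through 1.1.1 series.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Unpack OPENSSL_VERSION_NUMBER, laid out as 0xMNNFFPPS in the
# 0.9.5 through 1.1.1 series (see crypto/opensslv.h).
sub decode_version {
    my ($n) = @_;
    my %v = (
        major  => ($n >> 28) & 0xF,
        minor  => ($n >> 20) & 0xFF,
        fix    => ($n >> 12) & 0xFF,
        patch  => ($n >> 4)  & 0xFF,   # 0 = no letter, 1 = 'a', 7 = 'g'
        status => $n & 0xF,            # 0 = dev, 1..0xe = beta, 0xf = release
    );
    my $letter = $v{patch} ? chr(ord('a') + $v{patch} - 1) : '';
    $v{string} = "$v{major}.$v{minor}.$v{fix}$letter";
    return \%v;
}

# Classify a build from its version number and compiler-flags string.
# Affected range assumed here: the 1.0.1 branch before 1.0.1g.
sub heartbleed_status {
    my ($n, $cflags) = @_;
    my $v = decode_version($n);
    my $in_range = $v->{major} == 1 && $v->{minor} == 0
                && $v->{fix} == 1   && $v->{patch} < 7;
    return "$v->{string}: outside affected range" unless $in_range;
    return "$v->{string}: affected range, heartbeats compiled out"
        if $cflags =~ /-DOPENSSL_NO_HEARTBEATS\b/;
    return "$v->{string}: affected, upgrade or rebuild";
}

# Constructed sample inputs (not taken from a real host).
my @samples = (
    [ 0x1000105f, 'compiler: gcc -DOPENSSL_THREADS -O2' ],
    [ 0x1000105f, 'compiler: gcc -DOPENSSL_NO_HEARTBEATS -O2' ],
    [ 0x1000107f, 'compiler: gcc -DOPENSSL_THREADS -O2' ],
    [ 0x0090819f, 'compiler: information not available' ],
);
printf "0x%08x  %s\n", $_->[0], heartbleed_status(@$_) for @samples;
```

Distribution packages often backport the fix without changing the version number, so a result of "affected" from the number alone should be confirmed against the package changelog.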
A. Sinan Unur
Copyright (C) 2014 A. Sinan Unur.
This program is free software; you can redistribute it and/or modify it under the terms of Artistic License 2.0.
If you are optimizing traffic on a multi-tenant server network with numerous VLANs while isolating management traffic, you might encounter a problem where heartbeat packets are not visible on all interfaces.
This is common on NetScaler high availability pairs using Link Aggregation on ether-channel switch ports (in this example, Cisco switches). The following demonstrates this issue:
In most situations, the heartbeat packets are stopped by a VLAN tagging mismatch on the switch. Review the following article for additional information: CTX109843 - How to Configure a NetScaler Appliance Using Link Aggregation to Connect Pairs of Interfaces to the Cisco Switches
The NetScaler IP is by default on native VLAN 1 (NSVLAN). This is important because the heartbeat traffic will be tagged with VLAN 1 on configured tagged interfaces. You will need to do one of the following:
Note: Refer to CTX123172 for additional details on how to configure NSVLAN. Refer to CTX122921 for NSVLAN/VLAN configuration examples.
Important: After committing the preceding actions, you need to remove and recreate the HA pair.
CTX109013 - Troubleshooting NetScaler High Availability (HA) Issues
CTX122921 - NetScaler Interface Tagging and Flow of High Availability Packets Examples