OpenSSL leaks server-Keys / The Heartbleed Bug
itpp2012
nginx-forum at nginx.us
Mon Apr 14 19:03:54 UTC 2014
Fyi. if you are running a ssl tunnel like stunnel with openssl 0.9.x, this
attack is logged as "SSL3_GET_RECORD:wrong version number" as opposed to no
nginx/openssl logging.
If you have logging going back 2 years and you are seeing these log entries
now, you may be able to detect attacks from before 7-4-2014.
Here we have many stunnels with openssl 0.9.x and found the first attacks
at: 2014.04.08 22:19:14 (CET) in more then 2 years of logging.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249102,249288#msg-249288
More information about the nginx
mailing list