Manually Testing SSL/TLS Weaknesses

This article describes the main SSL/TLS (mis)configurations and simple ways to test your own systems for them. The configurations and attacks covered are listed below.

SSLv2 Support

SSLv3 Support

Cipher Suites

SSL Certificates

Renegotiation

Compression

Implementation Issues

SSLv2 Support

SSLv2 was released twenty years ago and, shortly after its release, was found to contain serious flaws that allow an attacker to decrypt and modify traffic. It was superseded a year later by SSLv3 (which fixed these problems), yet the short-lived SSLv2 is still remarkably common.

To check whether a remote host supports SSLv2, use the following command:

openssl s_client -ssl2 -connect example.com:443

If SSLv2 is supported, the handshake completes and the server's certificate details are returned, as in the following response:

openssl s_client -ssl2 -connect 10.0.0.1:443
CONNECTED(00000003)
depth=0 /C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
verify return:1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIICnjCCAgugAwIBAgIJAPB2liVH7xRsMA0GCSqGSIb3DQEBBQUAMGwxCzAJBgNV
BAYTAkFVMREwDwYDVQQIDAhWaWN0b3JpYTESMBAGA1UEBwwJTWVsYm91cm5lMRAw
DgYDVQQKDAdDb250ZXh0MRAwDgYDVQQLDAdQbGF5cGVuMRIwEAYDVQQDDAlzc2xz
ZXJ2ZXIwHhcNMTQwMTE3MDMwNjAxWhcNMTcxMDEzMDMwNjAxWjBsMQswCQYDVQQG
EwJBVTERMA8GA1UECAwIVmljdG9yaWExEjAQBgNVBAcMCU1lbGJvdXJuZTEQMA4G
A1UECgwHQ29udGV4dDEQMA4GA1UECwwHUGxheXBlbjESMBAGA1UEAwwJc3Nsc2Vy
dmVyMIGbMA0GCSqGSIb3DQEBAQUAA4GJADCBhQJ+AJdlQF95PWaFnmN0hQd5BYUf
SALBHBDO+JkNIPj5evYEAoPql3Am6Uphv3Pxyd+scDowb7UrReH8dBltxfz0Id4V
3wpSJRdwo4Gx8xx27tLjDqbTaPKfSRWGpr0s2S2KJerr3XJvTDtWoiHN3zsx5kLU
qvKTm+3LNHp7DgwNAgMBAAGjUDBOMB0GA1UdDgQWBBS5W+orwrw8K5LuFRykGg9w
1DCanzAfBgNVHSMEGDAWgBS5W+orwrw8K5LuFRykGg9w1DCanzAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBBQUAA34AegQVwKLQseAu7krFdsrfL117Sfpk7BuucJXJ
nNbg9WRKFk5raikmp1nc5zLRZ4c6waDSX/rrT2g06IXSAJXmv5d2NYU+5YECJnY5
ApexOlQJvsunKXZdJvBC6FijyLGi8G9zbA5S++JQkXWtiiICPGF2afYI5ahBgGO2
hgE=
-----END CERTIFICATE-----
subject=/C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
issuer=/C=AU/ST=/L=/O=Context/OU=context/CN=sslserver
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5         EXP-RC4-MD5     RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5     DES-CBC3-MD5
---
SSL handshake has read 807 bytes and written 233 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1000 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: 3BD641677102DBE9BDADF9B990D2D716
    Session-ID-ctx:
    Master-Key: D2AAB3751263EB53BAD83453D26A09DA1F700059FD16B510
    Key-Arg   : DB92A6A80BF4CA4A
    Start Time: 1390178607
    Timeout   : 300 (sec)
    Verify return code: 18 (self signed certificate)

If the server does not support SSLv2, a handshake failure error is returned instead, as shown below:

CONNECTED(00000003)
458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

SSLv3 Support

Google's security team has further shown that an attacker can force a client and server to downgrade to SSLv3 even when both would normally use TLS, which means SSLv3 should be disabled entirely.

To test whether a system supports SSLv3, use the following OpenSSL command:

openssl s_client -ssl3 -connect google.com:443

CONNECTED(00000003)
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
--- Certificate details removed for brevity ---
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-SHA
    Session-ID: 6E461AEAD8C1516F9D8950A9B5E735F9882BFC6EA0838D81CFD41C01A3799A41
    Session-ID-ctx:
    Master-Key: 7E7680640BB7E2C83CBE87342727E0D09AC10EEEB095A8C0A2501EAE80FA1C20D3F3FE4346B1234057D6D506420273FA
    Key-Arg   : None
    Start Time: 1421296281
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

A handshake failure error indicates that SSLv3 is not supported and that the server is not vulnerable to the POODLE attack.

Cipher Suites

One of the main functions of the SSL/TLS protocol is to let the client and server negotiate a mutually acceptable "cipher suite" to use for the connection. The chosen cipher suite determines the specific set of algorithms the client and server will use for key exchange, encryption and message authentication.

Cipher suites are described in the following format:

TLS_RSA_WITH_AES_128_CBC_SHA

Here RSA is the key exchange algorithm, AES_128_CBC is the encryption cipher (AES operating in Cipher-Block Chaining mode with a 128-bit key), and SHA is the Message Authentication Code (MAC) algorithm.

The cipher suites a system supports are set by its configuration, which should be dictated by its security requirements. The following guidelines are generally recommended as a baseline:

The key exchange algorithm should be restricted to those that provide "perfect forward secrecy", such as Ephemeral Diffie-Hellman (DHE) or Ephemeral Elliptic Curve Diffie-Hellman (ECDHE).

The cipher should have no known cryptographic weaknesses. This rules out RC4, which has been known to be flawed for many years and has in recent years been shown to be more seriously vulnerable than previously thought.

The cipher should use a key of at least 128 bits (which rules out DES and Triple-DES).

Cipher-Block Chaining (CBC) mode is prone to padding-oracle attacks and should be avoided where possible; above all it should not be used with SSLv3 or TLSv1.0, where it leaves the server vulnerable to the BEAST attack. An alternative is Galois Counter Mode (GCM), which is not affected by these problems and provides authenticated encryption.

The message authentication algorithm should be SHA256. MD5 is known to be flawed and should be avoided for cryptographic use, and SHA1 also has its weaknesses.

For all three algorithm types, the NULL or anon settings should be avoided, as they offer no security at all. "Export" algorithms should also be disabled, since their short key lengths leave them open to brute-force and other attacks, such as the FREAK attack.
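The baseline above can be applied mechanically to the IANA-style suite names that tools such as nmap report. The following Python is an added example, not code from the original article or from Context: it splits a suite name into key exchange, cipher and MAC, then grades it against each guideline (forward secrecy, RC4/NULL/export, key length, CBC mode, MAC algorithm). The severity labels and the 112-bit effective strength assigned to Triple-DES are this example's own choices; the suite names in the demonstration are taken from the nmap output later on this page.

```python
import re

# Severity order used to derive an overall rating from the list of findings.
SEVERITY = {"broken": 0, "weak": 1, "caution": 2}

# TLS_<key exchange>_WITH_<cipher>_<mac>; the MAC is the trailing SHA/SHAnnn/MD5 token.
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>SHA\d*|MD5)$")


def parse_suite(name):
    """Split an IANA suite name into (key exchange, cipher, MAC), e.g.
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA -> ('DHE_RSA', 'AES_128_CBC', 'SHA')."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    return m.group("kx"), m.group("cipher"), m.group("mac")


def key_bits(cipher):
    """Symmetric key length in bits; Triple-DES is counted at its 112-bit
    effective strength (an assumption of this example), DES40/DES at 40/56."""
    if cipher.startswith("3DES"):
        return 112
    if cipher.startswith("DES40"):
        return 40
    if cipher.startswith("DES"):
        return 56
    m = re.search(r"_(\d+)", cipher)  # AES_128_CBC, RC4_40, CAMELLIA_256_GCM
    return int(m.group(1)) if m else None


def rate_suite(name, protocol=None):
    """Return (rating, findings) for one suite under the article's baseline.

    protocol (e.g. "SSLv3", "TLSv1.0") only changes how CBC mode is graded:
    on those two versions CBC is exposed to BEAST and is downgraded to 'weak'.
    """
    kx, cipher, mac = parse_suite(name)
    findings = []

    # Key exchange: anon gives no server authentication, export grades enable
    # FREAK, and anything other than (EC)DHE lacks perfect forward secrecy.
    if "anon" in kx:
        findings.append(("broken", "anonymous key exchange: no server authentication"))
    if "EXPORT" in name:
        findings.append(("broken", "export-grade key length (brute force, FREAK)"))
    if not (kx.startswith("DHE") or kx.startswith("ECDHE")):
        findings.append(("weak", "no perfect forward secrecy (use DHE or ECDHE)"))

    # Cipher: NULL means no encryption, RC4 is ruled out, keys must be >= 128 bits.
    if cipher.startswith("NULL"):
        findings.append(("broken", "NULL cipher: traffic is not encrypted"))
    elif cipher.startswith("RC4"):
        findings.append(("broken", "RC4 has known cryptographic weaknesses"))
    else:
        bits = key_bits(cipher)
        if bits is not None and bits < 128:
            findings.append(("weak", f"{bits}-bit key is below the 128-bit minimum"))
    if "CBC" in cipher:
        if protocol in ("SSLv3", "TLSv1.0"):
            findings.append(("weak", f"CBC mode on {protocol} is vulnerable to BEAST"))
        else:
            findings.append(("caution", "CBC mode is prone to padding-oracle attacks; prefer GCM"))

    # MAC: MD5 is broken; SHA1 is tolerated but SHA256 is the recommendation.
    if mac == "MD5":
        findings.append(("broken", "MD5 MAC"))
    elif mac == "SHA":
        findings.append(("caution", "SHA1 MAC; SHA256 is recommended"))

    if not findings:
        return "strong", []
    worst = min(findings, key=lambda f: SEVERITY[f[0]])[0]
    return worst, findings


def rate_all(names, protocol=None):
    """Rate a list of suite names (e.g. one protocol block of ssl-enum-ciphers output)."""
    return {n: rate_suite(n, protocol)[0] for n in names}


if __name__ == "__main__":
    # Suite names as listed in the SSLv3 block of the nmap output on this page.
    sslv3_suites = [
        "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
        "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
    ]
    for suite in sslv3_suites:
        rating, findings = rate_suite(suite, "SSLv3")
        print(f"{suite:45} {rating}")
        for sev, msg in findings:
            print(f"    [{sev}] {msg}")
```

Note that the grading is stricter than nmap's: TLS_RSA_WITH_3DES_EDE_CBC_SHA, which the nmap output below labels "strong", rates as weak here because it offers no forward secrecy and uses a 112-bit cipher, which is exactly why the article recommends reviewing such ratings by hand.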

Nmap's "ssl-enum-ciphers" script can be used to enumerate the supported cipher suites as follows:

nmap --script ssl-enum-ciphers -p 443 example.com

For example:

nmap --script ssl-enum-ciphers -p 443 10.0.0.1

Nmap scan report for 10.0.0.1
PORT    STATE SERVICE REASON
443/tcp open  https   syn-ack
| ssl-enum-ciphers:
|   SSLv3
|     Ciphers (6)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - unknown strength
|       TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA - weak
|       TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 - broken
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - unknown strength
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
|     Compressors (1)
|       uncompressed
|   TLSv1.0
|     Ciphers (6)
|       TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - unknown strength
|       TLS_DHE_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA - unknown strength
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA - strong
|       TLS_RSA_WITH_AES_128_CBC_SHA - strong
|       TLS_RSA_WITH_AES_256_CBC_SHA - unknown strength
|     Compressors (1)
|       uncompressed
|_

Although nmap gives a strength rating for each supported cipher suite, SSL/TLS security moves quickly, which means these ratings should be reviewed manually.

SSL Certificates

The details of a server's certificate can be viewed with the following command:

openssl s_client -connect example.com:443 | openssl x509 -noout -text

This will produce output similar to the following (here PayPal's certificate is shown):

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:65:41:91:6c:e8:cf:b2:9b:7b:52:71:01:05:ba:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
        Validity
            Not Before: Dec 12 00:00:00 2014 GMT
            Not After : Dec 16 12:00:00 2016 GMT
        Subject: C=US, ST=California, L=San Jose, O=PayPal, Inc., OU=PayPal Production, CN=paypal.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:d5:c8:b2:65:07:ff:fb:71:0a:cf:a8:77:97:fc:
                    e1:a4:87:5d:79:29:03:e0:1a:5f:c2:f8:71:c9:ac:
                    bc:d3:16:e0:9c:2e:bb:d9:1c:5b:cc:90:7d:e3:54:
                    ab:53:79:50:37:63:b1:cb:68:56:ee:6a:5b:d2:10:
                    38:1a:35:f7:37:12:83:d9:72:51:9e:b7:f9:9c:1d:
                    b8:a9:e6:f3:27:bb:5b:8b:b9:be:fa:39:19:83:d9:
                    cd:66:69:1d:cc:8a:cb:59:b5:53:3e:ca:41:f6:ac:
                    89:4d:58:06:04:a5:e2:c9:94:05:26:6c:24:a6:81:
                    ca:4a:01:11:4c:a2:8d:83:7a:9a:2a:7d:16:93:ca:
                    a0:df:59:b8:e1:38:18:b2:bd:eb:77:6b:57:fb:7f:
                    d6:70:e1:2d:70:dd:cc:af:43:f0:de:a0:fc:2f:8e:
                    94:74:3c:4f:ae:ca:f6:f2:ab:09:7f:63:71:b6:27:
                    78:4d:f8:e1:e0:86:3a:81:9f:d4:55:45:27:ff:4d:
                    53:2f:99:43:28:ad:fa:c9:63:6f:64:28:36:d7:ea:
                    c3:00:50:88:86:a3:d0:83:ae:be:99:18:25:b2:44:
                    05:c6:e8:36:4a:fb:4d:ab:df:6d:0f:50:3f:80:fc:
                    38:ba:4c:53:c1:6d:48:22:68:7a:ed:6e:05:e4:9d:
                    58:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Authority Key Identifier:
                keyid:51:68:FF:90:AF:02:07:75:3C:CC:D9:65:64:62:A2:12:B8:59:72:3B
            X509v3 Subject Key Identifier:
                1F:54:C7:2D:0E:D3:6C:C4:63:FE:66:1C:EA:8C:50:75:3A:01:8F:DE
            X509v3 Subject Alternative Name:
                DNS:paypal.com, DNS:www.paypal.com
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl3.digicert.com/sha2-ha-server-g3.crl
                Full Name:
                  URI:http://crl4.digicert.com/sha2-ha-server-g3.crl
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114412.1.1
                  CPS: https://www.digicert.com/CPS
            Authority Information Access:
                OCSP - URI:http://ocsp.digicert.com
                CA Issuers - URI:http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt
            X509v3 Basic Constraints: critical
                CA:FALSE
    Signature Algorithm: sha256WithRSAEncryption
         3d:79:69:48:5d:f6:bc:4b:5f:81:f3:97:9d:61:e5:9c:46:b9:
         73:00:66:09:f1:8a:06:89:14:a3:25:ea:ba:a2:5d:ac:77:3a:
         8f:6a:8a:11:9b:c3:35:67:99:9f:9d:c2:c0:ac:9f:eb:24:58:
         c8:4a:be:07:31:30:8c:69:07:bc:ff:c0:5a:d1:17:c6:05:f7:
         75:ca:fe:cd:98:78:43:41:ac:14:75:f7:c9:10:f4:07:38:58:
         73:6a:84:58:1f:a9:31:7d:28:47:70:98:de:3f:d7:00:82:a6:
         5c:2e:5d:31:96:4a:06:82:a2:a0:02:95:fd:6f:ef:66:4a:57:
         50:c3:1a:84:48:26:47:73:6e:c8:d7:30:fb:75:11:d6:ee:67:
         7e:d4:15:b2:44:15:ef:ee:ab:ba:81:c2:f5:05:04:d1:f3:70:
         bb:96:41:03:eb:d1:e0:e4:3d:57:41:8d:3d:7a:df:f0:c1:68:
         6f:43:68:e1:8d:1e:19:7e:57:aa:49:43:28:2a:f1:8c:f7:0d:
         a4:6a:8c:18:75:6b:a4:cc:a7:2f:e5:21:d1:81:8c:d4:bc:f4:
         00:4c:f6:37:03:a3:61:33:b2:ea:15:34:48:53:83:48:57:6c:
         33:f2:b7:fb:f3:fc:ea:df:0d:d0:e2:49:01:b4:23:c9:3d:7a:
         f4:42:4f:98
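When reviewing output like the above by hand, the fields worth checking are the validity period, the signature algorithm, the key size, whether the name being connected to is covered by the Subject Alternative Name (or, failing that, the CN), and whether the certificate is self-signed. The Python below is an added example, not part of the original article: it parses a shortened, constructed excerpt of `openssl x509 -noout -text` output modelled on the PayPal certificate above and runs those checks. The check date, the hostnames and the 2048-bit key minimum are assumptions chosen for the demonstration.

```python
import re
from datetime import datetime, timezone

# Constructed excerpt modelled on the certificate text shown above (modulus and
# most extensions omitted); field values match the page's capture.
SAMPLE_X509_TEXT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0e:65:41:91:6c:e8:cf:b2:9b:7b:52:71:01:05:ba:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA
        Validity
            Not Before: Dec 12 00:00:00 2014 GMT
            Not After : Dec 16 12:00:00 2016 GMT
        Subject: C=US, ST=California, L=San Jose, O=PayPal, Inc., OU=PayPal Production, CN=paypal.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:paypal.com, DNS:www.paypal.com
            X509v3 Basic Constraints: critical
                CA:FALSE
"""


def parse_x509_date(s):
    """'Dec 12 00:00:00 2014 GMT' -> timezone-aware UTC datetime.
    openssl pads single-digit days with a space, so whitespace is normalised first."""
    clean = " ".join(s.split())
    return datetime.strptime(clean, "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)


def parse_x509_text(text):
    """Extract the review-relevant fields from `openssl x509 -noout -text` output."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None

    info = {
        "signature_algorithm": grab(r"^\s*Signature Algorithm:\s*(\S+)"),
        "issuer": grab(r"^\s*Issuer:\s*(.+)$"),
        "subject": grab(r"^\s*Subject:\s*(.+)$"),
        "not_before": parse_x509_date(grab(r"Not Before:\s*(.+)$")),
        "not_after": parse_x509_date(grab(r"Not After\s*:\s*(.+)$")),
        "key_bits": int(grab(r"Public-Key:\s*\((\d+) bit\)")),
        "is_ca": grab(r"CA:(TRUE|FALSE)") == "TRUE",
    }
    cn = re.search(r"CN=([^,]+)", info["subject"] or "")
    info["subject_cn"] = cn.group(1).strip() if cn else None

    # SAN line looks like "DNS:paypal.com, DNS:www.paypal.com"; keep DNS entries only.
    names = []
    san = re.search(r"Subject Alternative Name:\s*\n\s*(.+)$", text, re.MULTILINE)
    if san:
        for entry in san.group(1).split(","):
            kind, _, value = entry.strip().partition(":")
            if kind == "DNS":
                names.append(value)
    info["san"] = names
    return info


def hostname_matches(hostname, names):
    """Case-insensitive match; a wildcard may only stand for one leftmost label."""
    host = hostname.lower().rstrip(".")
    for name in names:
        n = name.lower()
        if n.startswith("*."):
            suffix = n[1:]                       # "*.paypal.com" -> ".paypal.com"
            prefix = host[:-len(suffix)] if host.endswith(suffix) else None
            if prefix and "." not in prefix:
                return True
        elif n == host:
            return True
    return False


def review_certificate(text, hostname, now, min_key_bits=2048):
    """Return (parsed fields, list of findings) for the certificate text."""
    info = parse_x509_text(text)
    findings = []
    if not (info["not_before"] <= now <= info["not_after"]):
        findings.append("certificate is not valid at the check time (expired or not yet valid)")
    names = info["san"] or ([info["subject_cn"]] if info["subject_cn"] else [])
    if not hostname_matches(hostname, names):
        findings.append(f"hostname {hostname} is not covered by {names}")
    if info["signature_algorithm"].lower().startswith(("md5", "sha1")):
        findings.append(f"weak signature algorithm {info['signature_algorithm']}")
    if info["key_bits"] < min_key_bits:          # 2048-bit floor is this example's assumption
        findings.append(f"{info['key_bits']}-bit key is below {min_key_bits} bits")
    if info["issuer"] == info["subject"]:
        findings.append("self-signed certificate (issuer equals subject)")
    return info, findings


if __name__ == "__main__":
    check_time = datetime(2015, 6, 1, tzinfo=timezone.utc)   # assumed review date
    for host in ("www.paypal.com", "mail.paypal.com"):
        _, problems = review_certificate(SAMPLE_X509_TEXT, host, check_time)
        print(host, "->", problems or "no findings")
```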

Renegotiation

The SSL/TLS protocol allows the client and server to renegotiate new encryption keys during a session. A vulnerability discovered in 2009 showed how a flaw in the renegotiation process could be exploited to inject content at the start of a session, thereby compromising that part of the session's data.

This is possible when two conditions are met, namely the server does not support secure renegotiation but does support client-initiated renegotiation. These conditions can be checked as described below:

Secure Renegotiation

The following shows how to identify whether a system supports Secure Renegotiation:

openssl s_client -connect example.com:443

If a system does not support secure renegotiation, the following is returned once a connection is established:

CONNECTED(00000003)
139677333890704:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 36 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1428910482
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Client Initiated Renegotiation

The following command can be used to identify whether client-initiated renegotiation is supported:

openssl s_client -connect example.com:443

Once a connection is established, the server waits for us to enter the next command. To initiate a renegotiation, which is signalled by the R on the second line, we enter the following two lines followed by Enter or Return:

openssl s_client -connect host:port

HEAD / HTTP/1.0
R
<Enter or Return key>

A system that does not support client-initiated renegotiation will return an error and close the connection, or the connection will time out:

RENEGOTIATING
write:errno=104

A system that does support client-initiated renegotiation will keep the connection alive and respond to further commands.

Compression

To test whether TLS compression is supported, and therefore whether the server is vulnerable to the CRIME attack, use the following command:

openssl s_client -connect example.com:443

On a server that supports compression, a response similar to the following is received, including the compression details. The lines "Compression: zlib compression" and "Compression: 1 (zlib compression)" indicate that the remote server is vulnerable to the CRIME attack.

---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 50791A02E03E42F8983344B25C8ED4598620518D5C917A3388239AAACE991858
    Session-ID-ctx:
    Master-Key: 9FEDB91F439775B49A5C49342FF53C3DD7384E4AFC33F9C6AFB64EA3D639CA57253AD7D059BA54E01581AD3A73306342
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 34 38 24 70 35 88 4a 68-0c 80 e6 c5 76 a1 0e ee   48$p5.Jh....v...
    0010 - 14 2e fb ef fa 42 f0 c1-58 ee 70 02 90 45 f4 8c   .....B..X.p..E..
    0020 - 7d 0b 2e 1e 71 70 b0 a2-cc 27 1b 13 29 cc f5 ee   }...qp...'..)...
    0030 - 84 43 98 fa b1 ae 83 dc-ff 6d aa 07 9f 7a 95 4f   .C.......m...z.O
    0040 - 44 68 63 21 72 d7 b9 18-97 d8 8e d7 61 7d 71 6f   Dhc!r.......a}qo
    0050 - a7 16 85 79 f9 a2 80 2a-b4 bc f9 47 78 6a b7 08   ...y...*...Gxj..
    0060 - f6 4f 09 96 7b e8 d4 9b-26 2d 1a fd 55 fe 6a ab   .O..{...&-..U.j.
    0070 - fc 8d 6d 87 7a 13 e1 a9-0a 05 09 d9 ce ea fe 70   ..m.z..........p
    0080 - 09 c9 5f 33 3c 5f 28 4e-20 3b 3a 10 75 c4 86 45   .._3<_(N ;:.u..E
    0090 - 1d 8b c8 a5 21 89 a1 12-59 b6 0f 55 e3 48 8f 91   ....!...Y..U.H..
    00a0 - 01 af 53 b6                                       ..S.
    Compression: 1 (zlib compression)
    Start Time: 1348073759
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---

When the server has TLS compression disabled, the response looks like the following. "Compression: NONE" indicates that the server does not accept TLS-level compression.

---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 7E49EA6457B200B441A26C05F1AE9634AAF97284AC7A12EC58F69CEF5470B052
    Session-ID-ctx:
    Master-Key: E035F082F5545424373A546A1F76D77673E8AEE018B3F0A3AFD7A3545746013664C18E6BB69F08BFAECA6C7FB3010C9C
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 100800 (seconds)
    TLS session ticket:
    0000 - 66 72 6f 6e 74 70 61 67-65 61 61 61 61 61 61 61   frontpageaaaaaaa
    0010 - 89 55 c6 6a 92 c3 28 85-86 b0 ff c3 08 12 5a a8   .U.j..(.......Z.
    0020 - f2 ec f8 56 6d d3 29 99-7b 98 90 ef 57 fd c6 15   ...Vm.).{...W...
    0030 - ee a2 53 4b 43 ef 19 ee-41 25 1f 76 28 37 68 b6   ..SKC...A%.v(7h.
    0040 - 64 ca e7 3f 71 01 70 30-35 91 ef bc d8 19 20 4f   d..?q.p05..... O
    0050 - 9d 9e 2c ab 3f 35 5c 3f-65 f8 c6 9a a9 90 fa 60   ..,.?5\?e......`
    0060 - 4d 53 a1 b8 49 8c e7 61-e4 6c e1 51 8e 83 b5 25   MS..I..a.l.Q...%
    0070 - bc 9a 32 d8 fa be 16 a1-ae 3d 8c 0b e3 9e e4 78   ..2......=.....x
    0080 - 77 d7 91 6b a9 a0 01 2b-e1 98 33 d4 2c eb b3 84   w..k...+..3.,...
    0090 - f9 da 0f fa 77 df ac d6-08 b6 34 97 07 d9 b2 58   ....w.....4....X
    Start Time: 1428988675
    Timeout   : 300 (sec)
    Verify return code: 20 (unable to get local issuer certificate)
---
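Each of the openssl s_client checks on this page (the SSLv2 and SSLv3 probes, the Secure Renegotiation check and the compression check) comes down to reading a handful of lines from the same summary block: the negotiated Protocol, the "Secure Renegotiation IS/IS NOT supported" line, the "Compression:" line, the key size and the verify return code. The Python below is an added example, not code from the original article or from Context: it parses that block from saved s_client output and reports the findings. The sample outputs are constructed from the fields shown in the captures above, the handshake-failure detection relies on the "ssl handshake failure" text shown on this page, and the 2048-bit key threshold is this example's own assumption.

```python
import re

# Constructed sample: a server that still accepts SSLv3, lacks secure
# renegotiation, uses TLS compression and presents a self-signed certificate.
SAMPLE_WEAK = """\
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Compression: 1 (zlib compression)
    Verify return code: 18 (self signed certificate)
---
"""

# Constructed sample: a hardened server, fields as in the last capture above.
SAMPLE_GOOD = """\
CONNECTED(00000003)
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Verify return code: 0 (ok)
---
"""

# Constructed sample: what -ssl2/-ssl3 returns when the server refuses the version.
SAMPLE_REFUSED = """\
CONNECTED(00000003)
458:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
"""


def parse_s_client(output):
    """Extract the handshake summary into a dict. handshake_ok is False when the
    server refused the requested protocol, so nothing was negotiated."""
    summary = {"handshake_ok": False}
    if "handshake failure" in output or "New, (NONE)" in output:
        return summary

    def grab(pattern):
        m = re.search(pattern, output, re.MULTILINE)
        return m.group(1).strip() if m else None

    summary.update({
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": grab(r"^\s*Cipher\s*:\s*(\S+)"),
        "key_bits": int(grab(r"Server public key is (\d+) bit") or 0),
        # "IS supported" -> True, "IS NOT supported" -> False
        "secure_renegotiation": grab(r"Secure Renegotiation IS (NOT supported|supported)") == "supported",
        # the top-level "Compression:" line (column 0), not the indented session one
        "compression": grab(r"^Compression:\s*(.+)$"),
        "verify_code": int(grab(r"Verify return code:\s*(\d+)") or 0),
    })
    summary["handshake_ok"] = summary["protocol"] is not None
    return summary


def assess(output, min_key_bits=2048):
    """Return (summary, findings) applying the checks described in the article."""
    s = parse_s_client(output)
    findings = []
    if not s["handshake_ok"]:
        return s, findings                      # version refused: nothing to flag
    if s["protocol"] == "SSLv2":
        findings.append("SSLv2 accepted: the protocol is broken and should be disabled")
    elif s["protocol"] == "SSLv3":
        findings.append("SSLv3 accepted: exposed to the POODLE downgrade, disable it")
    if not s["secure_renegotiation"]:
        findings.append("secure renegotiation not supported; also check client-initiated renegotiation")
    if s["compression"] and s["compression"] != "NONE":
        findings.append(f"TLS compression enabled ({s['compression']}): vulnerable to CRIME")
    if s["key_bits"] and s["key_bits"] < min_key_bits:
        findings.append(f"server public key is only {s['key_bits']} bits")   # threshold assumed
    if s["verify_code"] == 18:
        findings.append("self-signed certificate")
    return s, findings


if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("good", SAMPLE_GOOD), ("refused", SAMPLE_REFUSED)):
        summary, problems = assess(text)
        print(label, summary.get("protocol"), problems or "no findings")
```

In practice the output is captured with something like `openssl s_client -ssl3 -connect host:443 </dev/null > out.txt` and fed to assess(); a refused handshake (handshake_ok False) is the good outcome for the -ssl2 and -ssl3 probes.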

BREACH

The BREACH attack is similar to the CRIME attack, but this time exploits the use of HTTP compression to infer the contents of the attacker's request.

To test whether the server supports compress or gzip content encoding, proceed as follows:

openssl s_client -connect example.com:443

Submitting the following request shows whether the server supports HTTP compression:

GET / HTTP/1.1
Host: example.com
Accept-Encoding: compress, gzip

If the response contains encoded data, as in the response below, HTTP compression is supported and the remote host is therefore vulnerable.

HTTP/1.1 200 OK
Server: nginx/1.1.19
Date: Sun, 19 Mar 2015 20:48:31 GMT
Content-Type: text/html
Last-Modified: Thu, 19 Mar 2015 23:34:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

Implementation Issues

For an introduction, see: Lucky-13 attack

Heartbleed

The following command tests for the vulnerability using the nmap script:

nmap -p 443 --script ssl-heartbleed --script-args vulns.showall example.com

Output similar to the following is produced:

PORT    STATE SERVICE
443/tcp open  https
| ssl-heartbleed:
|   VULNERABLE:
|   The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. It allows for stealing information intended to be protected by SSL/TLS encryption.
|     State: VULNERABLE
|     Risk factor: High
|     Description:
|       OpenSSL versions 1.0.1 and 1.0.2-beta releases (including 1.0.1f and 1.0.2-beta1) of OpenSSL are affected by the Heartbleed bug. The bug allows for reading memory of systems protected by the vulnerable OpenSSL versions and could allow for disclosure of otherwise encrypted confidential information as well as the encryption keys themselves.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0160
|       http://www.openssl.org/news/secadv_20140407.txt
|_      http://cvedetails.com/cve/2014-0160/

Change Cipher Spec Injection

Affected versions:

•   OpenSSL 1.0.1 through 1.0.1g

•   OpenSSL 1.0.0 through 1.0.0l

•   all versions before OpenSSL 0.9.8y

Use the nmap script to test whether the vulnerability is present:

nmap -p 443 --script ssl-ccs-injection example.com

Example output:

PORT    STATE SERVICE
443/tcp open  https
| ssl-ccs-injection:
|   VULNERABLE:
|   SSL/TLS MITM vulnerability (CCS Injection)
|     State: VULNERABLE
|     Risk factor: High
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224
|       http://www.cvedetails.com/cve/2014-0224
|_      http://www.openssl.org/news/secadv_20140605.txt

References:

http://bobao.360.cn/learning/detail/479.html

https://www.contextis.com/en/blog/manually-testing-ssl-tls-weaknesses
