You don't need to take the vendors word for it. You can test yourself with;
https://github.com/FiloSottile/Heartbleed
On Tue, Apr 8, 2014 at 5:17 PM, Michael Garrison mcgarr@umich.edu wrote:
We asked support and some of our very helpful NetApp folks earlier today and received the following bug IDs:
815987 - A public report should be prepared to indicate that this is not applicable to existing releases as no version of ONTAP ships with OpenSSL 1.0.1x.
795741 CVE-BUNDLE-OPENSSL: Upgrade OCUM 6.x OpenSSL to 1.0.1g
795814 CVE-BUNDLE-OPENSSL: Upgrade OPM (post-1.0) OpenSSL to 1.0.1g
795466 is for OCUM 5.2XX
So ONTAP isn't vulnerable, but other things like OCUM are.
Hope that helps, Mike Garrison
On Tue, Apr 8, 2014 at 5:08 PM, Douglas Siggins siggins@gmail.com wrote:
Greetings, Looking for a quick way to determine what versions of SSL are in use in DOT (7-mode). I could not find anything specific.
I assume the version of SSL is probably not 1.0.1 - 1.0.1f on the Netapps. Anyone have any ideas where to look? _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters
Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters