How to Tell If You’re Vulnerable to Heartbleed

April 10, 2014
Kevin Lam

A major security bug was reported this week in OpenSSL, the open-source cryptographic library used by many Web sites around the world.  The bug was nick-named “heartbleed” and is estimated to impact about 2/3rds of all Web sites.

Plenty of sites that talk about the bug, but not so many on how to tell if you’re vulnerable. In this article I’ll show you an easy Web-based way to tell if you or your organization is vulnerable or not.

How to Tell If You’re Vulnerable to Heartbleed

To see if your systems are affected by this bug you can use the SSL Test Web page at Qualys for free:

Simply, enter your SSL-enabled Web site, select “Do not show these results on the boards” and click the Submit button.


Let the test run and you should see a result like the one below. The screenshot is the result of a test we ran against our own production servers. Anything less than an A+ rating should raise alarms. And in particular, you want to see the indicator that your Web site is resistant to the Heartbleed bug.


Thanks for reading, feel free to ping us if you have any questions and see you next Friday

Kevin Lam signature