Q: How does gotofail.com work?

When you open gotofail.com some javascript runs that scans your user agent string to find out what browser and OS you're using. That information is used to classify you into one of several categories based on your detected OS/browser combination. The classes are:

Q: Can you explain like I'm five how the bug works?

Normal SSL/TLS:

SSL/TLS with a vulnerable Apple product:

Q: What versions iOS are vulnerable?

iOS 6 from 6.0 to 6.1.5, iOS 7 from 7.0 to 7.0.5 and some beta/prerelease builds of 7.1.

Q: What versions of OS X are vulnerable?

10.9, 10.9.1 and some beta/prerelease builds of 10.9.2.

Q: What do you think about how Apple is handling the situation?

It appears that they are unwilling to release stand-alone emergency patches for security issues and instead wait until the next point release is ready. This is madness from a policy standpoint. Even worse, despite it being well known that security patches are usually quickly picked apart to make exploits, they did not synchronize the release for all affected platforms. The bug had gone undetected since late 2012, delaying the iOS update until the OS X update was ready would have caused less harm. I have been seeing Apple IP addresses hitting the site with fixed browsers identifying as OS X 10.9.2 since Saturday morning Cupertino time.

Q: Do you think the bug was an accident?

As others have said "if I wanted to backdoor Apple's SSL this is how I'd do it". It is hard for me to believe that the second "goto fail;" was inserted accidently given that there were no other changes within a few lines of it. In my opinion, the bug is too easy to exploit for it to have been an NSA plant. My speculation is that someone put it in on purpose so they (or their buddy) could sell it.

Q: Why do I get different results when I test at work vs at home?

Your IT people are paranoid and have an 'egress firewall' set up that blocks requests on weird ports. In almost all cases this will be detected and you'll see an error message.

Q: Why do I get a yellow warning in Chrome/Firefox but green in Safari?

Firefox only provides the major release number, for example 10.9 or 10.8, in the user agent string. You'll also see this with Chrome on iPhone if you're jailbroken and have an unofficial patch. In either case, trust whatever message is shown in Safari.

Q: Why are my results wrong if I spoof my user agent string?

The result message mention scanning your operating system and browser version, if you are spoofing your user agent string that should cue you to temporarily disable spoofing.

Q: Is there anything I can do to help?

Aside from donating (bandwidth and CPU cycles aren't free), please contact me if you run a large/popular site and would like to embed something to check your visitors.

Q: What does the backend look like?

Everything is static content to ensure that the load doesn't become a problem. The web server is vanilla nginx with a patched version of OpenSSL.

Q: Can I have the OpenSSL patch?

Save as 'gotofail.c'
To build:
gcc -shared -fPIC -o libgotofail.so gotofail.c
To use:
#define _GNU_SOURCE
int X509_check_private_key(void *a, void *b) { return 1; }