NETLAB+ AE and NETLAB+ PE servers use OpenSSL 0.9.8 to communicate with the VMware vSphere API. NETLAB+ is an SSL client in this case. This version of OpenSSL is not vulnerable to the Heartbleed CVE-2014-0160 vulnerability.
Inbound HTTPS/SSL (tcp 443) is currently not enabled on NETLAB+ servers. As discussed in my previous posts, we will support inbound HTTPS/SSL encryption of the NETLAB+ web interface in a future release. This feature will use an OpenSSL library that is not vulnerable to Heartbleed.
