Both of these sites are detected as being vulnerable to CVE-2016-2107:
However, using RUB-NDS's TLS-Attacker with this syntax:
    java -jar TLS-Attacker-1.2.jar padding_oracle -connect hostname:443
... only the second one appears to be. (Note that sagitta.systems is expired, but this should be unrelated to the test for CVE-2016-2107.)
    $ grep vulnerable *.out
    sagitta.systems.out:21:57:08.679 [main] CONSOLE de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttack - sagitta.systems:443, NOT vulnerable, one message found: [
    webfilter.aptalaska.net.out:22:06:11.667 [main] CONSOLE de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttack - webfilter.aptalaska.net:443, Vulnerable (?), more messages found, recheck in debug mode: [
An admin of sagitta.systems confirms that Apache on that system is linked to OpenSSL 1.0.1p, which should be patched for this vulnerability, and which is consistent with the TLS-Attacker output.