Using a Python script found at heartbleed-masstest/ssltest.py at master · musalbas/heartbleed-masstest · GitHub I was able to test for vulnerability in our internal SRM and ECC systems, as well as our web dispatcher, and all came up clean. However, the script is not intelligent enough to work with systems that use TCP ports other than 443 for SSL (even if you modify line 125 where it seems to hard-code 443 into the call), and other than our dispatcher our portal systems all use a mix of the SAP defaults of 50101 or 50001, depending on instance number. I'm no Python expert -- not even a novice -- so I'm not sure why changing line 125 didn't make this work. Perhaps one of you will have more luck.
Anyway, at this time I feel confident that ABAP systems (and web dispatchers) are not vulnerable. I still don't have proof positive on J2EE systems yet. It seems like it would be easier to debug the Python script than to modify a test portal to use TCP 443 instead of 50101, but for me the latter at least is something I know how to do! It just feels a bit like the proverbial bus to cross the street, if you know what I mean.