OpenSSL Security issues
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Tue Apr 8 21:42:39 CEST 2014
But sites (well, admins) who are unaware may enable the cache. .. It which case there should be an interlock which means they must also turn off the openssl version check safety trigger too?
As the heartbleed issue isn't as shocking as feared for freeradius is there any need for the current check to be so hard on you if you've got 1.0.1 < g installed now? (However, I'm guessing yes if you run other SSL/TLS services on the same box eg Web server since attacker can scan your memory slowly, so just protecting them from themselves)
alan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/mailman/private/freeradius-users/attachments/20140408/7992cb60/attachment.html>
More information about the Freeradius-Users
mailing list