Can't get rid of OpenSSL-message

Stefan Winter stefan.winter at restena.lu
Mon Sep 26 11:25:54 CEST 2016


Hi,

should have attached to this thread I guess. I have the same problem, on
the same CentOS.

And I did set only the most recent one, previous incarnation commented
out. In my raddb folder:

# grep CVE *

radiusd.conf:#  allow_vulnerable_openssl = 'CVE-2014-0160'
radiusd.conf:   allow_vulnerable_openssl = 'CVE-2016-6304'

?

Greetings,

Stefan Winter

Am 23.09.2016 um 12:18 schrieb Arran Cudbard-Bell:
> 
>> On 23 Sep 2016, at 13:59, Philipp Trenz <mail at philipptrenz.de> wrote:
>>
>> Hi there,
>>
>> I newly compiled 3.0.12 for the upcoming release, but I can't get rid of the issue messages of openssl. openssl is already patched, allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl = 'CVE-2014-0160' are added at the end of security {}. Running freeradius on a CentOS 7.
>> Is this a bug or am I missing something?
>>
> Set the latest one, not both...
> 
> -Arran
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 


-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
2, avenue de l'Université
L-4365 Esch-sur-Alzette

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160926/49a2891c/attachment.sig>


More information about the Freeradius-Users mailing list