Hi there, I newly compiled 3.0.12 for the upcoming release, but I can't get rid of the issue messages of openssl. openssl is already patched, allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl = 'CVE-2014-0160' are added at the end of security {}. Running freeradius on a CentOS 7. Is this a bug or am I missing something? Thanks for help! radiusd -X last output: Debugger not attached Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160' Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele) Security advisory CVE-2016-6304 (OCSP status request extension) For more information see https://www.openssl.org/news/secadv/20160922.txt Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2016-6304'