8 Apr
2014
8 Apr
'14
11:22 a.m.
Arran Cudbard-Bell wrote:
As per your suggestion there's now a security.allow_vulnerable_openssl configuration item which enables or disables the security check.
The checks are in v2, v3, and git "master". From talking with Jouni Malinen (wpa_supplicant guy), he says: "I tested with couple RADIUS authentication servers and could not trigger the issue due to reasons that I confirmed to be because of incorrect OpenSSL API use.." I'm not entirely sure what that means, but I'm trying to find out. Alan DeKok.