16 Oct
2015
16 Oct
'15
9:36 a.m.
On Oct 16, 2015, at 8:56 AM, Tod A. Sandman <sandmant@rice.edu> wrote:
You need to put allow_vulnerable_openssl in radiusd.conf
Thanks so much. It makes sense now: Redhat patches openssl to fix the security bugs, but the openssl "version" is never updated.
And there's no way to ask OpenSSL if it's vulnerable to the heartbeat attack. Ugh. Alan DeKok.