Hi, should have attached to this thread I guess. I have the same problem, on the same CentOS. And I did set only the most recent one, previous incarnation commented out. In my raddb folder: # grep CVE * radiusd.conf:# allow_vulnerable_openssl = 'CVE-2014-0160' radiusd.conf: allow_vulnerable_openssl = 'CVE-2016-6304' ? Greetings, Stefan Winter Am 23.09.2016 um 12:18 schrieb Arran Cudbard-Bell:
On 23 Sep 2016, at 13:59, Philipp Trenz <mail@philipptrenz.de> wrote:
Hi there,
I newly compiled 3.0.12 for the upcoming release, but I can't get rid of the issue messages of openssl. openssl is already patched, allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl = 'CVE-2014-0160' are added at the end of security {}. Running freeradius on a CentOS 7. Is this a bug or am I missing something?
Set the latest one, not both...
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66