13 May
2008
13 May
'08
3:29 p.m.
hi, thankyou Alan for your responsible reporting of this issue, as anyone using FreeRADIUS with EAP-TLS etc will be using OpenSSL anyone on any platform with a weak key method needs to know this issue. I note that various OpenSSL-using tools are being updated to detect such weak keys - eg OpenVPN on ubuntu - and if they detect them, they wont start (reporting a direct error about such keys) - will FreeRADIUS also adopt this policy? alan