14 Apr
2015
14 Apr
'15
7:55 a.m.
Hello Alan, This message was for me? BR 2015-04-14 10:00 GMT+02:00 Alan Buxey <A.L.M.Buxey@lboro.ac.uk>:
Either upgrade your openssl and rebuild against that version or, if you believe or know that your openssl is good/safe against that CVE issue (distros patch their versions but don't update the version) then simply state
allow_vulnerable_openssl = 'CVE-2014-0160'
In the security section of radius.conf as per the debug output and docs
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html