16 Apr
2014
16 Apr
'14
11:03 a.m.
Maja Wolniewicz wrote:
I'm testing the v3.0.x branch - FreeRADIUS Version 3.1.0 (git #21acbbf)
That isn't the v3.0.x branch. 3.1.0 is the "master" branch.
rpm -q --changelog openssl | grep CVE-2014-0160 - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
I'm getting Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x01000105f (1.0.1e-15) (in range 1.0.1-0 - 1.0.1f-15)
Yes. And if you read the NEXT message that the server prints out, it tells you how to work around the issue. There is no way for FreeRADIUS to tell that OpenSSL has been fixed. You have to configure the server to accept the problematic version of OpenSSL. Alan DeKok.