20 Jul
2015
20 Jul
'15
1:45 p.m.
On Jul 20, 2015, at 7:30 PM, Scott Pickles via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
When I installed the ldap module the first time, I was using the version of OpenSSL that shipped with CentOS. But when I fired up freeradius it was still finding/reporting a heartbleed variant.
The point is that FreeRADIUS can't know if the OpenSSL version is vulnerable or not. CentOS / RedHat have probably patched it, but it's up to *you* to check that. And then set in radiusd.conf "allow_vulnerable_openssl = yes". Alan DeKok.