Can't get rid of OpenSSL-message
Hi there, I newly compiled 3.0.12 for the upcoming release, but I can't get rid of the issue messages of openssl. openssl is already patched, allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl = 'CVE-2014-0160' are added at the end of security {}. Running freeradius on a CentOS 7. Is this a bug or am I missing something? Thanks for help! radiusd -X last output: Debugger not attached Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release) Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2014-0160' Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele) Security advisory CVE-2016-6304 (OCSP status request extension) For more information see https://www.openssl.org/news/secadv/20160922.txt Once you have verified libssl has been correctly patched, set security.allow_vulnerable_openssl = 'CVE-2016-6304'
On 23 Sep 2016, at 13:59, Philipp Trenz <mail@philipptrenz.de> wrote:
Hi there,
I newly compiled 3.0.12 for the upcoming release, but I can't get rid of the issue messages of openssl. openssl is already patched, allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl = 'CVE-2014-0160' are added at the end of security {}. Running freeradius on a CentOS 7. Is this a bug or am I missing something?
Set the latest one, not both... -Arran
Hi, should have attached to this thread I guess. I have the same problem, on the same CentOS. And I did set only the most recent one, previous incarnation commented out. In my raddb folder: # grep CVE * radiusd.conf:# allow_vulnerable_openssl = 'CVE-2014-0160' radiusd.conf: allow_vulnerable_openssl = 'CVE-2016-6304' ? Greetings, Stefan Winter Am 23.09.2016 um 12:18 schrieb Arran Cudbard-Bell:
On 23 Sep 2016, at 13:59, Philipp Trenz <mail@philipptrenz.de> wrote:
Hi there,
I newly compiled 3.0.12 for the upcoming release, but I can't get rid of the issue messages of openssl. openssl is already patched, allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl = 'CVE-2014-0160' are added at the end of security {}. Running freeradius on a CentOS 7. Is this a bug or am I missing something?
Set the latest one, not both...
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 2, avenue de l'Université L-4365 Esch-sur-Alzette Tel: +352 424409 1 Fax: +352 422473 PGP key updated to 4096 Bit RSA - I will encrypt all mails if the recipient's key is known to me http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xC0DE6A358A39DC66
participants (3)
-
Arran Cudbard-Bell -
Philipp Trenz -
Stefan Winter