OpenSSL Security in Debian & Ubuntu since 2006

A.L.M.Buxey at A.L.M.Buxey at
Tue May 13 21:29:03 CEST 2008


thankyou Alan for your responsible reporting of this issue,
as anyone using FreeRADIUS with EAP-TLS etc will be using OpenSSL
anyone on any platform with a weak key method needs to know
this issue.

I note that various OpenSSL-using tools are being updated to detect
such weak keys - eg OpenVPN on ubuntu - and if they detect
them, they wont start (reporting a direct error about
such keys) - will FreeRADIUS also adopt this policy?


More information about the Freeradius-Users mailing list