OpenSSL Security issues
Alan DeKok
aland at deployingradius.com
Tue Apr 8 17:22:16 CEST 2014
Arran Cudbard-Bell wrote:
> As per your suggestion there's now a security.allow_vulnerable_openssl
> configuration item which enables or disables the security check.
The checks are in v2, v3, and git "master".
From talking with Jouni Malinen (wpa_supplicant guy), he says:
"I tested with couple RADIUS authentication servers and could not
trigger the issue due to reasons
that I confirmed to be because of incorrect OpenSSL API use.."
I'm not entirely sure what that means, but I'm trying to find out.
Alan DeKok.
More information about the Freeradius-Users
mailing list