Issues starting FreeRadius virtual server.
Matthew Newton
mcn4 at leicester.ac.uk
Tue Dec 23 12:45:37 CET 2014
On Tue, Dec 23, 2014 at 11:35:04AM +0000, Nair, Suraj wrote:
> On 2.2.6, I got another error, something similar to this:
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb
> 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160
> (Heartbleed)
> And I was told that rolling back to an older version should
> solve the problem.
No, it will workaround the "problem" by introducing other security
holes. And potentially leave you with the first security problem
as well.
You need to make sure your openssl is patched for heartbleed. On
ubuntu, it's likely that you are patched, but the version number
wasn't updated. So look at the openssl release notes / changelog
to make sure that it has the heartbleed patch.
When you've confirmed that is the patched version, edit
raddb/radiusd.conf and set "allow_vulnerable_openssl = yes" in the
security section.
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list