Warnings about OpenSSL 1.0.1f and 1.0.1g
Alan DeKok
aland at deployingradius.com
Mon Dec 14 14:59:33 CET 2015
On Dec 14, 2015, at 8:56 AM, Adam Bishop <Adam.Bishop at jisc.ac.uk> wrote:
> CentOS 7.2 is using OpenSSL 1.0.1e out of the box so *should* be unaffected...
Hopefully.
> Is there a test for this issue (in the test suite or with eapol_test/radtest etc.) so I can make sure RedHat haven't helpfully backported the bug?
Jouni Malinin had a test, which involved GNU TLS on the client, and some esoteric TLS methods.
i.e. the problem isn't *common*, but it's not exactly negligible, either.
Alan DeKok.
More information about the Freeradius-Users
mailing list