Reg Openssl issue unable to start radius version 3.0.8
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Wed Jul 1 06:49:30 CEST 2015
> On 1 Jul 2015, at 00:46, J at g@dee5h <djfueese at gmail.com> wrote:
>
> Hello,
>
> I am unable to start FreeRADIUS due to an OpenSSL vulnerability issue.
> Please find the debug log.
>
> -----------
> Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
> 0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
> Security advisory CVE-2014-0160 (Heartbleed)
> For more information see http://heartbleed.com
> Once you have verified libssl has been correctly patched, set
> security.allow_vulnerable_openssl = 'CVE-2014-0160'
> ------------
>
>
> I have confirmed that I have applied the patch for this bug.
>
> -----------
> [root at radius raddb]# openssl version
> OpenSSL 1.0.1e-fips 11 Feb 2013
> [root at radius raddb]# rpm -q --changelog openssl | grep CVE-2014-0160
> - fix CVE-2014-0160 - information disclosure in TLS heartbeat extension
> [root at radius raddb]#
> --------------
>
>
> Is it safe to enable the allow_vulnerable_openssl = yes in radiusd.conf?

No. You should do what the message says and set

allow_vulnerable_openssl = 'CVE-2014-0160'

-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
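
Why the check still fires on a distribution package with a backported fix, shown as an added example (not part of the original thread and not FreeRADIUS's own code): the refusal is keyed on the version number libssl reports, which stays at 1.0.1e after the backport. The function names and the simplified handling of the acknowledged value are assumptions for illustration; the version value, range and CVE id are the ones in the debug log above.

```c
#include <stdio.h>
#include <string.h>

/* Pre-3.0 OpenSSL packs its version as 0xMNNFFPPS:
 * major, minor, fix, patch letter (1 = 'a'), status (0 = dev, f = release). */
typedef struct { unsigned major, minor, fix, patch, status; } ossl_ver_t;

ossl_ver_t ossl_decode(unsigned long v)
{
	ossl_ver_t d = { (v >> 28) & 0xf, (v >> 20) & 0xff, (v >> 12) & 0xff,
			 (v >> 4) & 0xff, v & 0xf };
	return d;
}

/* Render e.g. 0x1000105f as "1.0.1e release". */
const char *ossl_format(unsigned long v, char *buf, size_t len)
{
	ossl_ver_t d = ossl_decode(v);
	char letter[2] = { d.patch ? (char)('a' + d.patch - 1) : '\0', '\0' };
	const char *status = d.status == 0xf ? "release" : d.status == 0 ? "dev" : "beta";

	snprintf(buf, len, "%u.%u.%u%s %s", d.major, d.minor, d.fix, letter, status);
	return buf;
}

/* Range from the log: 1.0.1 dev through 1.0.1f release. */
#define HEARTBLEED_LOW  0x10001000UL
#define HEARTBLEED_HIGH 0x1000106fUL
#define HEARTBLEED_ID   "CVE-2014-0160"

/* Returns 1 if startup should be refused. `acknowledged` models the value of
 * security.allow_vulnerable_openssl (assumption: only the exact advisory id
 * clears the refusal in this simplified model). */
int refuse_start(unsigned long v, const char *acknowledged)
{
	if (v < HEARTBLEED_LOW || v > HEARTBLEED_HIGH) return 0;
	return strcmp(acknowledged, HEARTBLEED_ID) != 0;
}

int main(void)
{
	char buf[32];
	unsigned long v = 0x1000105fUL;	/* value from the debug log above */

	printf("%s refuse=%d\n", ossl_format(v, buf, sizeof(buf)), refuse_start(v, "no"));
	printf("acknowledged refuse=%d\n", refuse_start(v, HEARTBLEED_ID));
	return 0;
}
```

Because the reported number cannot distinguish a patched 1.0.1e from an unpatched one, the package changelog check shown in the quoted message is what establishes that the fix is present before the advisory is acknowledged.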