LDAP (rlm_ldap) Version 3.0.9
Alan DeKok
aland at deployingradius.com
Mon Jul 20 19:45:42 CEST 2015
On Jul 20, 2015, at 7:30 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> When I installed the ldap module the first time, I was using the version of OpenSSL that shipped with CentOS. But when I fired up freeradius it was still finding/reporting a heartbleed variant.
The point is that FreeRADIUS can't know if the OpenSSL version is vulnerable or not. CentOS / RedHat have probably patched it, but it's up to *you* to check that.
And then set in radiusd.conf "allow_vulnerable_openssl = yes".
Alan DeKok.
More information about the Freeradius-Users
mailing list