LDAP (rlm_ldap) Version 3.0.9

Scott Pickles scottpickles at yahoo.com
Mon Jul 20 20:36:15 CEST 2015


Ahhh, understood.  Thanks.
 


     On Monday, July 20, 2015 1:45 PM, Alan DeKok <aland at deployingradius.com> wrote:
   

 On Jul 20, 2015, at 7:30 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> When I installed the ldap module the first time, I was using the version of OpenSSL that shipped with CentOS.  But when I fired up freeradius it was still finding/reporting a heartbleed variant.

  The point is that FreeRADIUS can't know if the OpenSSL version is vulnerable or not.  CentOS / RedHat have probably patched it, but it's up to *you* to check that.

  And then set in radiusd.conf "allow_vulnerable_openssl = yes".

  Alan DeKok.


  


More information about the Freeradius-Users mailing list