LDAP (rlm_ldap) Version 3.0.9
Scott Pickles
scottpickles at yahoo.com
Mon Jul 20 20:36:15 CEST 2015
Ahhh, understood. Thanks.
On Monday, July 20, 2015 1:45 PM, Alan DeKok <aland at deployingradius.com> wrote:
On Jul 20, 2015, at 7:30 PM, Scott Pickles via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> When I installed the ldap module the first time, I was using the version of OpenSSL that shipped with CentOS. But when I fired up freeradius it was still finding/reporting a heartbleed variant.
The point is that FreeRADIUS can't know if the OpenSSL version is vulnerable or not. CentOS / RedHat have probably patched it, but it's up to *you* to check that.
And then set in radiusd.conf "allow_vulnerable_openssl = yes".
Alan DeKok.
More information about the Freeradius-Users
mailing list