Warning about OpenSSL 1.0.2
a.cudbardb at freeradius.org
Sun Oct 11 18:01:08 CEST 2015
> On 11 Oct 2015, at 09:01, Alan DeKok <aland at deployingradius.com> wrote:
> On Oct 10, 2015, at 2:40 PM, Michael Ströder <michael at stroeder.com> wrote:
>> Which exact version of OpenSSL 1.0.2?
> I'm not sure... I haven't seen people posting which version of OpenSSL they're using.
As I said previously, tests were with OpenSSL 1.0.2d. That's likely to be the ones everyone is using, because, as I said previously, the main exposure to OpenSSL 1.0.2 is through homebrew, and people building it themselves.
>> I'm asking because I'm running FreeRADIUS 3.0.10 (formerly 3.0.9) on openSUSE
>> Tumbleweed (x86_64 and armv6l) with package openssl-1.0.2d-1.1 using
>> EAP-TTLS/PAP without issue.
>> Maybe you're hitting the HMAC ABI incompatibility?
>> It was fixed in 1.0.2c:
> I don't think so. But who knows...
As I said previously, OpenSSL 1.0.2d does not fix the problem.
You might want to read what I wrote before contributing to the dialogue?
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users