Connection issues with Android Marshmallow
Tod A. Sandman
sandmant at rice.edu
Fri Oct 16 14:20:04 CEST 2015
> Are you able to update to RHEL 6.7?
Not at the moment. Our radius servers are also our campus DNS and DHCP servers. All the more reason to keep them updated, but round here ....
> My suggestion would be to get OpenSSL updated therefore and to try again.
Last night I built freeradius-2.2.9 on a RHEL6.4 box with openssl-1.0.1e-42.el6.x86_64.
So my build openssl went from
openssl-1.0.0-27.el6_4.2.x86_64 -> openssl-1.0.1e-42.el6.x86_64
I also upgraded openssl on the radius server:
openssl-1.0.1e-16.el6_5.7.x86_64 -> openssl-1.0.1e-42.el6.x86_64
This morning I tried to fire up the new radius build on one of the radius servers but ran into the openssl check:
Oct 16 06:41:31 net3 radiusd[5251]: Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed)
Oct 16 06:41:31 net3 radiusd[5251]: For more information see http://heartbleed.com
I recall we updated to openssl months ago due to heartbleed and am surprised an update of that update has re-introduced it.
I'm also surprised "openssl version" shows the same string for both openssl-1.0.1e-16.el6_5.7.x86_64 and openssl-1.0.1e-42.el6.x86_64:
root at net4:/etc/opt/freeradius> rpm -qf /usr/bin/openssl
openssl-1.0.1e-16.el6_5.7.x86_64
root at net4:/etc/opt/freeradius> /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
root at net3:/opt/opt.CORE> rpm -qf /usr/bin/openssl
openssl-1.0.1e-42.el6.x86_64
root at net3:/opt/opt.CORE> /usr/bin/openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
More information about the Freeradius-Users
mailing list