Connection issues with Android Marshmallow

Tod A. Sandman sandmant at rice.edu
Fri Oct 16 14:20:04 CEST 2015


> Are you able to update to RHEL 6.7?

Not at the moment.  Our radius servers are also our campus DNS and DHCP servers.  All the more reason to keep them updated, but round here ....


> My suggestion would be to get OpenSSL updated therefore and to try again.

Last night I built freeradius-2.2.9 on a RHEL6.4 box with openssl-1.0.1e-42.el6.x86_64.

So my build openssl went from 

  openssl-1.0.0-27.el6_4.2.x86_64  ->  openssl-1.0.1e-42.el6.x86_64


I also upgraded openssl on the radius server:

  openssl-1.0.1e-16.el6_5.7.x86_64  ->  openssl-1.0.1e-42.el6.x86_64


This morning I tried to fire up the new radius build on one of the radius servers but ran into the openssl check:

  Oct 16 06:41:31 net3 radiusd[5251]: Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013 (in range 1.0.1 - 1.0.1f).  Security advisory CVE-2014-0160 (Heartbleed)
  Oct 16 06:41:31 net3 radiusd[5251]: For more information see http://heartbleed.com


I recall we updated to openssl months ago due to heartbleed and am surprised an update of that update has re-introduced it.

I'm also surprised "openssl version" shows the same string for both openssl-1.0.1e-16.el6_5.7.x86_64 and openssl-1.0.1e-42.el6.x86_64:

  root@net4:/etc/opt/freeradius> rpm -qf /usr/bin/openssl
  openssl-1.0.1e-16.el6_5.7.x86_64
  root@net4:/etc/opt/freeradius> /usr/bin/openssl version
  OpenSSL 1.0.1e-fips 11 Feb 2013

  root@net3:/opt/opt.CORE> rpm -qf /usr/bin/openssl
  openssl-1.0.1e-42.el6.x86_64
  root@net3:/opt/opt.CORE> /usr/bin/openssl version
  OpenSSL 1.0.1e-fips 11 Feb 2013
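
An added example, not part of the original post and not FreeRADIUS code: a check keyed on the upstream version string, like the one in the log above, gives the same answer for both package builds because both report `OpenSSL 1.0.1e-fips`, so it is paired here with a lookup in the package changelog text. The function names and the changelog sample are constructed for illustration; the flagged range is the one quoted in the log line, and the sketch assumes the packager records backported fixes in the changelog.

```python
import re

# Range quoted in the radiusd log line above: 1.0.1 through 1.0.1f.
HEARTBLEED_RANGE = ((1, 0, 1, ""), (1, 0, 1, "f"))

_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")

# Banner as shown in the post; identical for both package builds.
BANNER = "OpenSSL 1.0.1e-fips 11 Feb 2013"

# Constructed sample of `rpm -q --changelog openssl` output (not real data).
CONSTRUCTED_CHANGELOG = """\
* Mon Jan 01 2001 Example Packager <packager@example.com> 1.0.1e-NN
- fix CVE-2014-0160 - constructed sample entry
"""


def parse_openssl_version(banner):
    """Return (major, minor, fix, patch_letter) from `openssl version` output."""
    m = _VERSION_RE.search(banner)
    if m is None:
        raise ValueError("unrecognised OpenSSL banner: %r" % banner)
    major, minor, fix, letter = m.groups()
    return (int(major), int(minor), int(fix), letter)


def in_heartbleed_range(banner):
    """True when the upstream version string falls in 1.0.1 - 1.0.1f."""
    low, high = HEARTBLEED_RANGE
    return low <= parse_openssl_version(banner) <= high


def changelog_lists_fix(changelog, cve="CVE-2014-0160"):
    """True when the package changelog text names the CVE."""
    return any(cve in line for line in changelog.splitlines())


def assess(banner, changelog):
    """Combine the version-string check with the changelog lookup."""
    if not in_heartbleed_range(banner):
        return "version string outside flagged range"
    if changelog_lists_fix(changelog):
        return "flagged by version string; package changelog lists a fix"
    return "flagged by version string; no fix listed in changelog"


if __name__ == "__main__":
    print(assess(BANNER, CONSTRUCTED_CHANGELOG))
```

On a real host the second argument would be the captured output of `rpm -q --changelog openssl` for the installed package.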


