Can't get rid of OpenSSL-message
Philipp Trenz
mail at philipptrenz.de
Fri Sep 23 11:59:41 CEST 2016
Hi there,
I newly compiled 3.0.12 for the upcoming release, but I can't get rid of
the issue messages of openssl. openssl is already patched,
allow_vulnerable_openssl = 'CVE-2016-6304' and allow_vulnerable_openssl
= 'CVE-2014-0160' are added at the end of security {}. Running
freeradius on a CentOS 7.
Is this a bug or am I missing something?
Thanks for help!
radiusd -X last output:
Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
0x1000105f (1.0.1e release) (in range 1.0.1 dev - 1.0.1f release)
Security advisory CVE-2014-0160 (Heartbleed)
For more information see http://heartbleed.com
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2014-0160'
Refusing to start with libssl version OpenSSL 1.0.1e-fips 11 Feb 2013
0x1000105f (1.0.1e release) (in range 1.0.1 release - 1.0.1t rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information see
https://www.openssl.org/news/secadv/20160922.txt
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'
More information about the Freeradius-Users
mailing list