freeradius 3.0.13 refusing to start with Heartbleed-unaffected OpenSSL version

 Konstantin Knaab-Hinrichs paradonym at
Thu Apr 20 15:56:41 CEST 2017

having trouble getting radiusd to work because of openssl:

CLI debugging:

root@$HOSTNAME:/etc/raddb# openssl version
OpenSSL *1.0.2k*  26 Jan 2017
root@$HOSTNAME:/etc/raddb# cat radiusd.conf | grep allow_vulnerable
        #  allow_vulnerable_openssl: Allow the server to start with
       * allow_vulnerable_openssl = yes*
root@$HOSTNAME:/etc/raddb# hostnamectl
   Static hostname: $HOSTNAME
         Icon name: computer-vm
           Chassis: vm
        Machine ID: $CENSORED
           Boot ID: $CENSORED
    Virtualization: vmware
  Operating System: Debian GNU/Linux 8 (jessie)
            Kernel: Linux 3.16.0-4-amd64
      Architecture: x86-64
root@$HOSTNAME:/etc/raddb# radiusd -X
FreeRADIUS Version 3.0.13


Debugger not attached
Refusing to start with libssl version OpenSSL 1.0.1t  3 May 2016 0x1000114f
(1.0.1t release) (in range 1.0.1 release - 1.0.1t rele)
Security advisory CVE-2016-6304 (OCSP status request extension)
For more information see
Once you have verified libssl has been correctly patched, set
security.allow_vulnerable_openssl = 'CVE-2016-6304'

The same error message when entering allow_vulnerable_openssl =
'CVE-2016-6304' in radiusd.conf

No matter what I search for - every search results in something similar

Do I have to recompile FreeRADIUS after a new installation of OpenSSL?


More information about the Freeradius-Users mailing list