freeradius 3.0.13 refusing to start with Heartbleed-unaffected OpenSSL version

Alan DeKok aland at
Thu Apr 20 16:05:07 CEST 2017

On Apr 20, 2017, at 9:56 AM,  Konstantin Knaab-Hinrichs via Freeradius-Users <freeradius-users at> wrote:
> having trouble getting radiusd to work because of openssl:
> CLI debugging:
> root@$HOSTNAME:/etc/raddb# openssl version
> OpenSSL *1.0.2k*  26 Jan 2017
> ...
> Debugger not attached
> Refusing to start with libssl version OpenSSL 1.0.1t  3 May 2016 0x1000114f
> (1.0.1t release) (in range 1.0.1 release - 1.0.1t rule)

  You have multiple versions of OpenSSL installed on your system.  Don't do that.

  FreeRADIUS doesn't magically detect OpenSSL 1.0.1t when you actually have 1.0.2k installed.  It detects 1.0.1t because 1.0.1t *is* installed, and *is* being used by FreeRADIUS.

> Do I have to recompile FreeRADIUS after a new installation of OpenSSL?

  Yes.  Because of historic issues with OpenSSL breaking their APIs in minor releases.

  OpenSSL is fixing their APIs.  We will likely relax this check for OpenSSL 1.1.0 and later.

  Alan DeKok.

More information about the Freeradius-Users mailing list