Compiling with OpenSSL 1.1.1 (Alan DeKok)

Doug Wussler doug.wussler at fsu.edu
Fri Oct 19 15:59:52 CEST 2018


Just FYI, I upgraded to 3.0.17 and compiled with OpenSSL 1.1.1.  Debug info still reports UNKNOWN TLS VERSION:

     FreeRADIUS Version 3.0.17
     Copyright (C) 1999-2017 The FreeRADIUS server project and contributors

     (1) eap_peap: TLS_accept: before SSL initialization
     (1) eap_peap: <<< recv UNKNOWN TLS VERSION ?0304? [length 0092] 
     (1) eap_peap: TLS_accept: SSLv3/TLS read client hello

I should also mention that when using OpenSSL 1.1.1 the executable will not launch without this setting in radiusd.conf:

        allow_vulnerable_openssl = CVE-2016-6304

which should not be necessary with 1.1.1.

Also, if interested, when attempting to compile with config setting "--without-dhcp" the compilation fails with:

CC src/main/radattr.c
build/objs/src/main/radattr.o: In function `process_file':
/downloads/freeradius-server-3.0.17/src/main/radattr.c:842: undefined reference to `fr_dhcp_decode_options'
/downloads/freeradius-server-3.0.17/src/main/radattr.c:813: undefined reference to `fr_dhcp_encode_option'
collect2: error: ld returned 1 exit status
make: *** [build/bin/local/radattr] Error 1

This information is not intended as a complaint.  I love the freeradius application and am very appreciative of
all the work that goes into it.  The efforts and responsiveness of both the development team and the community
are extremely robust and helpful.

Doug


    On Oct 18, 2018, at 10:09 AM, Doug Wussler <doug.wussler at fsu.edu> wrote:
    > 
    > Compiling FreeRADIUS v 3.0.15 with OpenSSL 1.1.1 works just fine.
    > Just thought you might like to know the debug info reports an UNKNOWN TLS VERSION:
  
      Upgrade to 3.0.17.  
      Alan DeKok.
        




More information about the Freeradius-Users mailing list