freeradius won't start due to heartbleed

Mike. the.lists at mgm51.com
Tue Jun 10 19:13:54 UTC 2014



On 6/10/2014 at 5:25 PM Dave B wrote:

|> On 6/9/2014 at 9:32 PM Mark Tinka wrote:
|> 
|> |On Monday, June 09, 2014 08:23:31 PM Mike. wrote:
|> |
|> |> I'm sure I'm missing something obvious (again), but I've
|> |> been staring at this too long, and the solution eludes
|> |> me.
|> |> 
|> |> Why does openssl still have the old version number?  What
|> |> do I do next, so that radiusd will start up?
|> |
|> |Go to "radiusd.conf", look for the "# SECURITY 
|> |CONFIGURATION" section and set:
|> |
|> |	allow_vulnerable_openssl = yes
|> |
|>  =============
|> 
|> 
|> Thanks, that did the trick.
|
|
|'scuse my ignorance.
|
|But though I understand how that proves the point, surely the correct fix
|now would be to replace the openssl libs with a version without the
|vulnerability, and reset that configuration option to "no"
| [ snip]
 =============


My FreeBSD install was fully patched with all the openssl patches to
date.  However, those patches do not change the openssl version
number.  

Since freeradius works off the openssl version number, and not
whether I installed the patches, the "allow_vulnerable_openssl"
configuration parameter allows me to instruct freeradius to "trust
me" about openssl being OK to use.

I view it as a short-term workaround.
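
Added example, not part of the original message and not FreeRADIUS source code: a C sketch of a version-number-only Heartbleed gate like the one described above, showing why a library with a backported fix but an unchanged version number is still refused unless the override is set. The function names, the sample version values and the exact range constants are assumptions for illustration; the range reflects the published affected releases (1.0.1 through 1.0.1f).

```c
#include <stdio.h>
#include <string.h>

/* OpenSSL 1.0.x packs its version as 0xMNNFFPPS:
 * major, minor, fix, patch letter, status (0xf = release). */
#define HEARTBLEED_FIRST 0x10001000UL /* 1.0.1, any status */
#define HEARTBLEED_FIXED 0x10001070UL /* 1.0.1g, any status */

/* Render the packed number as text, e.g. "1.0.1e". */
static const char *ssl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned patch = (unsigned)((v >> 4) & 0xff);
    int n = snprintf(buf, len, "%lu.%lu.%lu",
                     (v >> 28) & 0xf, (v >> 20) & 0xff, (v >> 12) & 0xff);
    if (patch && n > 0 && (size_t)n + 1 < len) {
        buf[n] = (char)('a' + patch - 1);   /* 1 -> 'a', 5 -> 'e' */
        buf[n + 1] = '\0';
    }
    return buf;
}

/* Hypothetical gate: returns 0 if startup may proceed, -1 if refused.
 * Only the number is inspected, so a backported fix that leaves the
 * number unchanged looks identical to an unpatched library. */
static int check_ssl_version(unsigned long linked, int allow_vulnerable)
{
    int in_range = linked >= HEARTBLEED_FIRST && linked < HEARTBLEED_FIXED;
    return (in_range && !allow_vulnerable) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the thread. */
    unsigned long samples[] = { 0x0090819fUL, 0x1000105fUL, 0x1000107fUL };
    char buf[16];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%-7s  default: %-7s  override: %s\n",
               ssl_version_str(samples[i], buf, sizeof buf),
               check_ssl_version(samples[i], 0) ? "refused" : "ok",
               check_ssl_version(samples[i], 1) ? "refused" : "ok");
    }
    return 0;
}
```

The override answers the version check only; whether the installed library actually carries the fix has to be confirmed from the operating system's patch level.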



