Date: Tue, 10 Jun 2014 17:25:38 +0100 From: Dave B <g8kbvdave@googlemail.com> To: freebsd-questions@freebsd.org Subject: Re: freeradius won't start due to heartbleed Message-ID: <53973182.19458.7050D1E@g8kbvdave.gmail.com> In-Reply-To: <201406091607450478.00F30B2B@smtp.24cl.home> References: <201406091423310190.00939C60@smtp.24cl.home>, <201406092132.28013.mark.tinka@seacom.mu>, <201406091607450478.00F30B2B@smtp.24cl.home>
next in thread | previous in thread | raw e-mail | index | archive | help
> On 6/9/2014 at 9:32 PM Mark Tinka wrote: > > |On Monday, June 09, 2014 08:23:31 PM Mike. wrote: > | > |> I'm sure I'm missing something obvious (again), but I've > |> been staring at this too long, and the solution eludes > |> me. > |> > |> Why does openssl still have the old version number? What > |> do I do next, so that radiusd will start up? > | > |Go to "radiusd.conf", look for the "# SECURITY > |CONFIGURATION" section and set: > | > | allow_vulnerable_openssl = yes > | > ============= > > > Thanks, that did the trick. 'scuse my ignorance. But though I understand how that proves the point, surely the correct fix now would be to replace the openssl libs' to a version without the vulnerability, and reset that configuration option to "no" AFIK, FBSD 10.0 was released before the HeartBleed bug was found, so unles you know you've updated it to a fixed version, there could be trouble ahead. Just curious... Dave B. (I run '9.2 release' at home, that never had the trouble, AFIK.) Rock, back under going. >><<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53973182.19458.7050D1E>