From: Dave B
To: freebsd-questions@freebsd.org
Date: Tue, 10 Jun 2014 17:25:38 +0100
Subject: Re: freeradius won't start due to heartbleed

> On 6/9/2014 at 9:32 PM Mark Tinka wrote:
>
> |On Monday, June 09, 2014 08:23:31 PM Mike. wrote:
> |
> |> I'm sure I'm missing something obvious (again), but I've
> |> been staring at this too long, and the solution eludes
> |> me.
> |>
> |> Why does openssl still have the old version number? What
> |> do I do next, so that radiusd will start up?
> |
> |Go to "radiusd.conf", look for the "# SECURITY
> |CONFIGURATION" section and set:
> |
> | allow_vulnerable_openssl = yes
> |
> =============
>
>
> Thanks, that did the trick.

'scuse my ignorance.

But though I understand how that proves the point, surely the correct fix
now would be to replace the openssl libs with a version without the
vulnerability, and reset that configuration option to "no".

AFAIK, FBSD 10.0 was released before the HeartBleed bug was found, so unless
you know you've updated it to a fixed version, there could be trouble ahead.

Just curious...

Dave B.

(I run '9.2 release' at home, that never had the trouble, AFAIK.)

Rock, back under going. >><<
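
The cleanup raised in the reply above, as an added example that is not part of the original message: a POSIX shell check that reads `allow_vulnerable_openssl` from a radiusd.conf and compares an OpenSSL version string with the Heartbleed-affected releases (1.0.1 through 1.0.1f). The function names and the sample config are constructed for illustration, and an unset option is assumed to behave as `no`.

```shell
#!/bin/sh
# Added example (not from the thread): audit the workaround discussed above.
# Usage: sh audit.sh <path-to-radiusd.conf> "$(openssl version | awk '{print $2}')"

# Print the effective allow_vulnerable_openssl value in a radiusd.conf,
# or "unset". Commented-out settings are ignored; the last assignment wins.
radius_override() {
    awk '
        { sub(/#.*/, "") }
        /^[ \t]*allow_vulnerable_openssl[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); gsub(/"/, "")
            val = $0
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# True if the version string falls in the Heartbleed-affected releases,
# 1.0.1 through 1.0.1f. Vendor suffixes such as "-freebsd" are dropped first.
# A vendor may backport the fix without changing this string, so a match
# means "confirm the patch level", not proof that the library is vulnerable.
openssl_in_affected_range() {
    case "${1%%-*}" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Combine both checks into one keyword: enforced, risk, or stale.
audit() {
    case "$(radius_override "$1")" in
        no|unset) echo "enforced"; return 0 ;;
    esac
    if openssl_in_affected_range "$2"; then
        echo "risk"     # override on and version string in affected range
    else
        echo "stale"    # override on but no longer needed: set it back to no
    fi
}

if [ $# -ge 2 ]; then
    audit "$1" "$2"
else
    # No arguments: run on a constructed sample, not a real system's config.
    sample=$(mktemp)
    printf '%s\n' 'security {' '  # allow_vulnerable_openssl = no' \
        '  allow_vulnerable_openssl = yes' '}' > "$sample"
    audit "$sample" "1.0.1e-freebsd"
    rm -f "$sample"
fi
```

A `risk` result on a system whose vendor patches OpenSSL in place calls for checking the installed patch level before concluding anything; `stale` means the override can be reset to `no`.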