Date: Tue, 10 Jun 2014 15:13:45 -0400
From: "Mike." <the.lists@mgm51.com>
To: freebsd-questions@freebsd.org
Subject: Re: freeradius won't start due to heartbleed
Message-ID: <201406101513450811.0139394E@smtp.24cl.home>
In-Reply-To: <53973182.19458.7050D1E@g8kbvdave.gmail.com>
References: <201406091423310190.00939C60@smtp.24cl.home> <201406092132.28013.mark.tinka@seacom.mu> <201406091607450478.00F30B2B@smtp.24cl.home> <53973182.19458.7050D1E@g8kbvdave.gmail.com>

On 6/10/2014 at 5:25 PM Dave B wrote:

|> On 6/9/2014 at 9:32 PM Mark Tinka wrote:
|>
|> |On Monday, June 09, 2014 08:23:31 PM Mike. wrote:
|> |
|> |> I'm sure I'm missing something obvious (again), but I've
|> |> been staring at this too long, and the solution eludes
|> |> me.
|> |>
|> |> Why does openssl still have the old version number? What
|> |> do I do next, so that radiusd will start up?
|> |
|> |Go to "radiusd.conf", look for the "# SECURITY
|> |CONFIGURATION" section and set:
|> |
|> |    allow_vulnerable_openssl = yes
|> |
|> =============
|>
|>
|> Thanks, that did the trick.
|
|
|'scuse my ignorance.
|
|But though I understand how that proves the point, surely the correct fix
|now would be to replace the openssl libs' to a version without the
|vulnerability, and reset that configuration option to "no"
|
[ snip]
=============

My FreeBSD install was fully patched with all the openssl patches to
date. However, those patches do not change the openssl version
number. Since freeradius works off the openssl version number, and
not whether I installed the patches, the "allow_vulnerable_openssl"
configuration parameter allows me to instruct freeradius to "trust me"
about openssl being OK to use.

I view it as a short-term workaround.
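
The situation described in the message, as an added example (not part of the original e-mail and not FreeRADIUS source code): a startup check that looks only at the OpenSSL version number gives the same verdict for a patched and an unpatched build, so the override covers both. The function names and sample version values are assumptions constructed for illustration; the range checked is the Heartbleed-affected 1.0.1 through 1.0.1f.

```c
#include <stdbool.h>
#include <stdio.h>

/* OpenSSL 1.0.x packs its version as 0xMNNFFPPS: major, minor, fix,
 * patch letter (a = 1) and status (0xf = release). */
#define VER_1_0_1   0x1000100fUL   /* first Heartbleed-affected release */
#define VER_1_0_1G  0x1000107fUL   /* first release carrying the fix */

typedef enum { SSL_OK, SSL_REFUSED, SSL_OVERRIDDEN } ssl_verdict;

/* Render a packed version number, e.g. 0x1000105f -> "1.0.1e". */
void ssl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned long patch = (v >> 4) & 0xff;
    int n = snprintf(buf, len, "%lu.%lu.%lu",
                     (v >> 28) & 0xf, (v >> 20) & 0xff, (v >> 12) & 0xff);
    if (patch > 0 && n > 0 && (size_t)n + 1 < len) {
        buf[n] = (char)('a' + patch - 1);
        buf[n + 1] = '\0';
    }
}

/* Hypothetical version-only startup check (an assumption, modelled on the
 * behaviour the message describes). It sees nothing but the number, so a
 * build with backported patches and an unpatched build of the same
 * version are indistinguishable to it. */
ssl_verdict check_openssl(unsigned long version, bool allow_vulnerable)
{
    bool in_range = version >= VER_1_0_1 && version < VER_1_0_1G;
    if (!in_range)
        return SSL_OK;
    return allow_vulnerable ? SSL_OVERRIDDEN : SSL_REFUSED;
}

int main(void)
{
    static const char *names[] = { "ok", "refused", "overridden" };
    /* Constructed samples: a library reporting 1.0.1e and one reporting 1.0.1g. */
    unsigned long samples[] = { 0x1000105fUL, 0x1000107fUL };
    char ver[16];
    for (size_t i = 0; i < 2; i++) {
        ssl_version_str(samples[i], ver, sizeof ver);
        for (int allow = 0; allow <= 1; allow++)
            printf("%-7s allow_vulnerable_openssl=%-3s -> %s\n", ver,
                   allow ? "yes" : "no", names[check_openssl(samples[i], allow)]);
    }
    return 0;
}
```

Because the verdict depends only on the number, leaving the override at "yes" would also admit an unpatched library reporting the same version, which fits the message's description of the setting as a short-term workaround.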