Linking with OpenSSL fails with Heartbleed security advisory even after upgrading it


While running the RADIUS server in debugging mode using the command radiusd -X, I got a problem like this.

The error is shown below:

    Refusing to start with libssl version OpenSSL 1.0.1f 6 Jan 2014 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com

The installed OpenSSL version is shown below:

    OpenSSL 1.0.1g 7 Apr 2014

Even though I installed/updated OpenSSL 1.0.1g, I got an error called Heartbleed. I am stuck on this problem; could anyone help me out of this?


There are 2 answers

0
Arran Cudbard-Bell On

It's not picked up your installed version. You'll need to re-run configure and recompile (if building from source). Verify all other versions have been removed, or pass --with-openssl-include-dir --with-openssl-lib-dir to configure to specify explicit paths.

The Debian packages for 3.0.4 already have patches which check for the correct Debian packaged version, and alter the config files to ignore the check.
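
An added example, not part of the original answer or of FreeRADIUS: a shell check for the mismatch described above, where the `openssl` command reports 1.0.1g but radiusd still loads an older libssl. The function names, the sample `ldd` output and the library path in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which libssl a binary resolves to, and test a version
# banner against the range the radiusd error reports (1.0.1 - 1.0.1f).

# Print the resolved libssl path from `ldd` output read on stdin.
libssl_from_ldd() {
    awk '$1 ~ /^libssl\.so/ && $2 == "=>" { print $3; exit }'
}

# Return 0 if a banner such as "OpenSSL 1.0.1f 6 Jan 2014" is in the
# range 1.0.1 - 1.0.1f, and 1 otherwise.
in_heartbleed_range() {
    ver=$(printf '%s\n' "$1" | awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+[a-z]*$/) { print $i; exit }
    }')
    case "$ver" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of `ldd` output (paths and addresses are made up).
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffc00000000)
    libssl.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f0000200000)
    libcrypto.so.1.0.0 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007f0000000000)'

# On a real host, replace the sample with the live binary:
#   lib=$(ldd "$(command -v radiusd)" | libssl_from_ldd)
#   banner=$(strings "$lib" | grep 'OpenSSL [0-9]' | head -n 1)
lib=$(printf '%s\n' "$SAMPLE_LDD" | libssl_from_ldd)
echo "binary resolves libssl to: $lib"

# The two banners from the question: what radiusd loaded vs. what the
# openssl command line tool printed.
for banner in "OpenSSL 1.0.1f 6 Jan 2014" "OpenSSL 1.0.1g 7 Apr 2014"; do
    if in_heartbleed_range "$banner"; then
        echo "$banner: inside the refused range"
    else
        echo "$banner: outside the refused range"
    fi
done
```

If the path printed for the live binary is not the library that was upgraded, the rebuild with explicit include and lib directories described above is what changes it.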

6
Abhay Chennagiri On

Try this:

    cd /usr/local/etc/raddb
    vi radiusd.conf

Somewhere around line number 480-odd, in the security subsection, you will find a line like this:

    allow_vulnerable_openssl = no

Change it to:

    allow_vulnerable_openssl = yes