freeradius refusing to start with libssl version OpenSSL Security advisory CVE-2014-0160 (Heartbleed)

When you start the FreeRADIUS server (./radiusd -X for debug mode), it refuses to start with the libssl version currently installed on your server. The root cause is “Security advisory CVE-2014-0160 (Heartbleed)”: FreeRADIUS 3.0.3 will not start the RADIUS server if an OpenSSL version in the range 1.0.1 – 1.0.1f is installed.

For more information, see http://heartbleed.com

Here are the steps to fix this:

1. Check the current OpenSSL version.

openssl version -a

2. First, completely remove the old OpenSSL.

apt-get purge openssl
apt-get autoremove && apt-get autoclean

3. Download and compile the new OpenSSL version you want.

wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar xzvf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g

./config    # or ./Configure <target> to choose the build target by hand
make
make install

cp /usr/local/ssl/bin/openssl /usr/bin/

4. Check the OpenSSL version.

openssl version -a

OpenSSL 1.0.1g 7 Apr 2014

5. Add “allow_vulnerable_openssl” to the “security” subsection of “radiusd.conf”.

allow_vulnerable_openssl = 'CVE-2014-0160'

6. Start ./radiusd -X

All Set!! 🙂
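
Added example (not part of the original post): a small shell check of the version range named above. radiusd tests the libssl it loads at run time, which is not necessarily the build that the openssl command reports, so the script classifies the two version lines together. The function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: compare the OpenSSL version the CLI reports with the libssl
# version radiusd reports, using the range from the post (1.0.1 - 1.0.1f).

# Print the version token that follows "OpenSSL" in a line, e.g. "1.0.1f".
extract_version() {
    printf '%s\n' "$1" | sed -n 's/.*OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Succeed (exit 0) when the version is inside 1.0.1 - 1.0.1f.
in_heartbleed_range() {
    case "$1" in
        1.0.1|1.0.1[a-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# classify CLI_LINE LIBSSL_LINE
#   ok            radiusd's libssl is outside the range
#   vulnerable    CLI and libssl are both inside the range
#   stale-libssl  CLI was upgraded, radiusd still loads an in-range libssl
#   unparsed      no version found in one of the lines
classify() {
    cli=$(extract_version "$1")
    lib=$(extract_version "$2")
    if [ -z "$cli" ] || [ -z "$lib" ]; then
        echo unparsed
    elif ! in_heartbleed_range "$lib"; then
        echo ok
    elif in_heartbleed_range "$cli"; then
        echo vulnerable
    else
        echo stale-libssl
    fi
}

# Constructed sample input: the CLI line from step 4 and a radiusd -X message
# of the form FreeRADIUS prints when it refuses to start.
CLI_LINE='OpenSSL 1.0.1g 7 Apr 2014'
RADIUSD_LINE='Refusing to start with libssl version OpenSSL 1.0.1f 6 Jan 2014 (in range 1.0.1 - 1.0.1f)'
echo "status: $(classify "$CLI_LINE" "$RADIUSD_LINE")"
```

On a real host, pass the output of openssl version as the first argument and the libssl line printed by radiusd -X as the second.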


7 thoughts on “freeradius refusing to start with libssl version OpenSSL Security advisory CVE-2014-0160 (Heartbleed)”

  1. After installation of openssl-1.0.1g, it again shows an error while running the command
    /usr/local/sbin/radiusd -X
    Error : Refusing to start with libssl version OpenSSL 1.0.1f 6 Jan 2014 (in range 1.0.1 – 1.0.1f)
    Please help me.

    • Make sure you completely removed the old openssl and added “allow_vulnerable_openssl” in the “security” subsection of “radiusd.conf”

      allow_vulnerable_openssl = 'CVE-2014-0160'
