When you start the FreeRADIUS server (./radiusd -X for debug mode), it may refuse to start with the libssl version currently installed on your server. The root cause is the security advisory CVE-2014-0160 (Heartbleed): FreeRADIUS 3.0.3 will not start if an OpenSSL version in the range 1.0.1 – 1.0.1f is installed.
For more information see http://heartbleed.com .
Here are the steps to fix this:
1. Check the current OpenSSL version.
openssl version -a
2. First, completely remove the old OpenSSL.
apt-get purge openssl
apt-get autoremove && apt-get autoclean
3. Download and compile the new OpenSSL version you want.
wget http://www.openssl.org/source/openssl-1.0.1g.tar.gz
tar xzvf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
./config    # auto-detects the platform; ./Configure <target> selects it by hand
make
make install
cp /usr/local/ssl/bin/openssl /usr/bin/
4. Check the OpenSSL version again.
openssl version -a
OpenSSL 1.0.1g 7 Apr 2014
5. Add “allow_vulnerable_openssl” in the “security” subsection of “radiusd.conf”. This tells radiusd not to refuse startup over that CVE.
allow_vulnerable_openssl = 'CVE-2014-0160'
6. Start the server: ./radiusd -X
All Set!! 🙂
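
A version check matching the range given above (1.0.1 through 1.0.1f), as an added example that is not part of the original post or of FreeRADIUS itself. The function name classify_openssl and the sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Classify one line of `openssl version` output against the range this
# page gives for CVE-2014-0160 (Heartbleed): 1.0.1 through 1.0.1f.
# Prints affected / not-affected / unparseable.
# Returns 0 if affected, 1 if not affected, 2 if the line is not recognised.
classify_openssl() {
    line=$1
    case "$line" in
        "OpenSSL "*) ;;
        *) echo "unparseable"; return 2 ;;
    esac
    ver=${line#OpenSSL }    # drop the leading "OpenSSL "
    ver=${ver%% *}          # keep only the version token
    ver=${ver%%-*}          # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo "affected"; return 0 ;;
        *) echo "not-affected"; return 1 ;;
    esac
}

# Constructed sample lines (not captured from a real host).
for sample in \
    "OpenSSL 0.9.8y 5 Feb 2013" \
    "OpenSSL 1.0.1 14 Mar 2012" \
    "OpenSSL 1.0.1e-fips 11 Feb 2013" \
    "OpenSSL 1.0.1f 6 Jan 2014" \
    "OpenSSL 1.0.1g 7 Apr 2014"
do
    printf '%-34s -> %s\n' "$sample" "$(classify_openssl "$sample")"
done

# Check the locally installed binary too, when one is on the PATH.
if command -v openssl >/dev/null 2>&1; then
    printf 'installed: %s\n' "$(classify_openssl "$(openssl version)")"
fi
```

A distribution can backport the Heartbleed fix without changing the version string, so an "affected" result on a vendor package means the package changelog needs checking before concluding the library is unpatched.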