FreeRADIUS refusing to start with the installed libssl version: OpenSSL security advisory CVE-2014-0160 (Heartbleed)

When you start the FreeRADIUS server (./radiusd -X for debug mode), it will refuse to start with the libssl version currently installed on your server. The root cause is “Security advisory CVE-2014-0160 (Heartbleed)”: FreeRADIUS 3.0.3 will not start the RADIUS server if you have an OpenSSL version in the range 1.0.1 – 1.0.1f installed.

For more information see  .

Here are the steps to fix this:

1. Check the current OpenSSL version.

openssl version -a

2. First, completely remove the old OpenSSL.

apt-get purge openssl
apt-get autoremove && apt-get autoclean

3. Download and compile the new OpenSSL version you want.

tar xzvf openssl-1.0.1g.tar.gz
cd openssl-1.0.1g

./config    # or ./Configure with an explicit target
make install

cp /usr/local/ssl/bin/openssl /usr/bin/

4. Check the OpenSSL version again.

openssl version -a

OpenSSL 1.0.1g 7 Apr 2014

5. Add “allow_vulnerable_openssl” to the “security” subsection of “radiusd.conf”:

allow_vulnerable_openssl = 'CVE-2014-0160'

6. Start ./radiusd -X

All Set!! 🙂
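
A version check for steps 1 and 4, as an added example that is not part of the original post: it classifies `openssl version` output against the 1.0.1 to 1.0.1f range named above. The host names and sample lines are constructed, and the two 1.0.2 beta versions come from the OpenSSL advisory rather than from this post.

```sh
#!/bin/sh
# Added example, not from the original post. Classifies "openssl version"
# output against the range the post names (1.0.1 through 1.0.1f).
# Only the version string is inspected: a distribution package with a
# backported fix still reports its original upstream version.

classify_openssl() {
    # Field 2 of e.g. "OpenSSL 1.0.1e 11 Feb 2013" is the version.
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    case "$ver" in
        # Beyond the post's range: the OpenSSL advisory also lists these betas.
        1.0.2-beta|1.0.2-beta1) echo "affected"; return 0 ;;
    esac
    ver=${ver%%-*}            # drop build suffixes such as "-fips"
    case "$ver" in
        1.0.1|1.0.1[abcdef]) echo "affected" ;;
        "")                  echo "unknown" ;;
        *)                   echo "not-affected" ;;
    esac
}

# Reads "host<TAB>version line" records on stdin, prints affected hosts.
affected_hosts() {
    while IFS="$(printf '\t')" read -r host line; do
        [ "$(classify_openssl "$line")" = "affected" ] && echo "$host"
    done
    return 0
}

# Constructed sample inventory (hypothetical host names).
sample_inventory() {
    printf 'radius1\tOpenSSL 1.0.1e 11 Feb 2013\n'
    printf 'radius2\tOpenSSL 1.0.1g 7 Apr 2014\n'
    printf 'radius3\tOpenSSL 0.9.8y 5 Feb 2013\n'
    printf 'radius4\tOpenSSL 1.0.1 14 Mar 2012\n'
}

# Check the local binary, if present, then the constructed inventory.
if command -v openssl >/dev/null 2>&1; then
    echo "local: $(classify_openssl "$(openssl version)")"
fi
sample_inventory | affected_hosts
```

The `openssl` binary on the PATH is not necessarily the libssl that radiusd is linked against, so treat the local result as a check of the command-line tool only.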