From owner-freebsd-questions@FreeBSD.ORG Mon Jun 9 20:07:51 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id A3651E58 for ; Mon, 9 Jun 2014 20:07:51 +0000 (UTC) Received: from oneyou.mcmli.com (oneyou.mcmli.com [IPv6:2001:470:1d:8da::100]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "oneyou.mcmli.com", Issuer "PositiveSSL CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6B9D72D38 for ; Mon, 9 Jun 2014 20:07:51 +0000 (UTC) Received: from sentry.24cl.com (unknown [IPv6:2001:558:6017:a2:a860:3073:4c46:6ac9]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "sentry.24cl.com", Issuer "Mike's Certificate Authority" (verified OK)) by oneyou.mcmli.com (Postfix) with ESMTPS id 3gnQVs15W9z1DPw for ; Mon, 9 Jun 2014 16:07:49 -0400 (EDT) Received: from BigBloat (bigbloat.24cl.home [10.20.1.4]) by sentry.24cl.com (Postfix) with ESMTP id 3gnQVp6CRKz1C0x for ; Mon, 9 Jun 2014 16:07:46 -0400 (EDT) Message-ID: <201406091607450478.00F30B2B@smtp.24cl.home> In-Reply-To: <201406092132.28013.mark.tinka@seacom.mu> References: <201406091423310190.00939C60@smtp.24cl.home> <201406092132.28013.mark.tinka@seacom.mu> X-Mailer: Courier 3.50.00.09.1098 (http://www.rosecitysoftware.com) (P) Date: Mon, 09 Jun 2014 16:07:45 -0400 From: "Mike." To: freebsd-questions@freebsd.org Subject: Re: freeradius won't start due to heartbleed Content-Type: text/plain; charset="us-ascii" X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Jun 2014 20:07:51 -0000 On 6/9/2014 at 9:32 PM Mark Tinka wrote: |On Monday, June 09, 2014 08:23:31 PM Mike. wrote: | |> I'm sure I'm missing something obvious (again), but I've |> been staring at this too long, and the solution eludes |> me. |> |> Why does openssl still have the old version number? What |> do I do next, so that radiusd will start up? | |Go to "radiusd.conf", look for the "# SECURITY |CONFIGURATION" section and set: | | allow_vulnerable_openssl = yes | ============= Thanks, that did the trick.