Linking with OpenSSL fails with Heartbleed security advisory even after upgrading it

3.1k Views Asked by prashad At 05 October 2014 at 19:39

while running radius server in debugging mode by using the command radiusd -X, i got a problem like this

the error is shown as below:

Refusing to start with libssl version OpenSSL 1.0.1f 6 Jan 2014 (in range 1.0.1 - 1.0.1f). Security advisory CVE-2014-0160 (Heartbleed) For more information see http://heartbleed.com

the installed openssl version is shown below:

OpenSSL 1.0.1g 7 Apr 2014

eventhough i installed/updated OpenSSL 1.0.1g, i got an error called heartbleed. i stucked in this problem ,could any one help me out of this???

Original Q&A

There are 2 best solutions below

Arran Cudbard-Bell On 06 October 2014 at 15:29

It's not picked up your installed version. You'll need to re-run configure and recompile (if building form source). Verify all other versions have been removed, or pass --with-openssl-include-dir --with-openssl-lib-dir to configure to specify explicit paths.

The debian packages for 3.0.4 already have patches which check for the correct debian packaged version, and alter the config files to ignore the check.

Abhay Chennagiri On 08 October 2014 at 15:11

Try this

    cd /usr/local/etc/raddb
    vi radiusd.conf

Somwhere in the line no 480 odd in the security subsection, You will find a line like this

    allow_vulnerable_openssl = no

Change it to

    allow_vulnerable_openssl = yes

Linking with OpenSSL fails with Heartbleed security advisory even after upgrading it

the error is shown as below:

the installed openssl version is shown below:

There are 2 best solutions below

Related Questions in OPENSSL

Related Questions in RADIUS

Related Questions in HEARTBLEED-BUG

Trending Questions

Popular # Hahtags

Popular Questions