On 15 Apr 2014, at 21:55, Jason Watts <jwa...@pratt.edu> wrote: > Thanks for the clarification.
FreeRADIUS 2.2.5 and 3.0.3 will contain heartbleed attack detection code which will not only prevent an attack, but also produce explicit log output indicating it was attempted. It has been confirmed that versions < 2.2.5 and 3.0.3 are vulnerable when linked against a vulnerable version of libssl. Note: Even when updating to FreeRADIUS 2.2.5 and 3.0.3 if client libraries are linked against a vulnerable version of libssl, the server will be vulnerable to attack from compromised LDAP/SQL/HTTP servers if TLS is used to secure the connection. Arran Cudbard-Bell <a.cudba...@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
signature.asc
Description: Message signed with OpenPGP using GPGMail