[RADIATOR] OpenSSL version.

Heikki Vatiainen hvn at open.com.au
Sat Aug 15 03:08:14 CDT 2015


On 08/15/2015 12:20 AM, Johnson, Neil M wrote:

> I removed the OSC Net::SSLeay PPM from my Windows system and now I’m
> using the ActiveState version of OpenSSL, which is OpenSSL 1.0.1e
> 11 Feb 2013 and vulnerable to Heartbleed.

Hello Neil and the other list members,

I suggest upgrading your ActivePerl to a version that does not come with
a vulnerable OpenSSL. ActiveState has published this information about
the vulnerable versions:
https://community.activestate.com/node/10856

Radiator comes with Win32-Lsa PPMs that work with ActivePerl 5.18. If
you'd like to use a more recent ActivePerl, please let us know. Now that
ActivePerl 5.22 is out, we can see how the LSA module compiles against
it. The compiler changes introduced in ActivePerl 5.20 have hopefully
now been settled.

Another option is to use Strawberry Perl. The Win32-Lsa modules that
come with Radiator 4.15 support Strawberry Perl up to version 5.22.

The Heartbleed fix was announced in the Strawberry Perl April 2014 release:
http://strawberryperl.com/release-notes/5.18.2.2-64bit.html

The precompiled Net::SSLeay modules were mainly provided for those who
wanted to use EAP-FAST while the extensions EAP-FAST required were not
widely available in OpenSSL. When the Heartbleed vulnerability was
exposed, they were also useful for a quick mitigation.

I recommend using the Net::SSLeay and OpenSSL that come with ActivePerl
and Strawberry Perl and keeping track of their releases and upgrading as
needed.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
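
A version check for the situation discussed in this message, as an added example that is not part of the original post or of Radiator: it reads the OpenSSL version string that the installed Net::SSLeay is linked against and flags the Heartbleed-affected range (1.0.1 through 1.0.1f, fixed in 1.0.1g, plus the 1.0.2 betas before the fix). The helper name `heartbleed_status` is hypothetical and the sample strings are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Classify an OpenSSL version string of the form "OpenSSL 1.0.1e 11 Feb 2013".
# Heartbleed affects 1.0.1 through 1.0.1f and 1.0.2-beta/-beta1; 1.0.1g is fixed.
# heartbleed_status is a name made up for this example.
sub heartbleed_status {
    my ($version_string) = @_;
    my ($ver) = $version_string =~ /^OpenSSL\s+(\S+)/
        or return 'unknown (not an OpenSSL version string)';
    return 'vulnerable version' if $ver =~ /^1\.0\.1[a-f]?$/;
    return 'vulnerable version' if $ver =~ /^1\.0\.2-beta1?$/;
    return 'not in the affected range';
}

# Constructed sample strings in the format SSLeay_version() returns.
my @samples = (
    'OpenSSL 1.0.1e 11 Feb 2013',    # the version quoted in this thread
    'OpenSSL 1.0.1g 7 Apr 2014',     # first fixed 1.0.1 release
    'OpenSSL 0.9.8y 5 Feb 2013',     # older branch without the heartbeat code
);
printf "%-28s %s\n", $_, heartbleed_status($_) for @samples;

# Report what this perl's own Net::SSLeay is linked against.
if (eval { require Net::SSLeay; 1 }) {
    my $linked = Net::SSLeay::SSLeay_version();
    printf "Net::SSLeay %s (%s) linked against: %s => %s\n",
        $Net::SSLeay::VERSION, $^X, $linked, heartbleed_status($linked);
}
else {
    print "Net::SSLeay is not installed for this perl ($^X)\n";
}
```

Run it with the same perl binary that runs Radiator, since each Perl installation carries its own Net::SSLeay and OpenSSL. The check is by version string only, so an OpenSSL build whose vendor backported the fix without changing the version letter will still be reported as a vulnerable version.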

