http://www.openssl.org/news/secadv_20060905.txt
From my preliminary reading, this may only affect people using EAP-TLS. PEAP and EAP-TTLS do not validate certificates on the server side, so they may not be vulnerable. Still, it's probably worth upgrading OpenSSL. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html