ANN ARBOR, MICHIGAN, April 14, 2014 – Interlink Networks, LLC today confirmed that the RAD-Series RADIUS Server uses versions of OpenSSL which do NOT have the buffer over-read vulnerability commonly known as the “Heartbleed” bug. OpenSSL versions 1.0.1 through 1.0.1f inclusive are vulnerable. The RAD-Series RADIUS Server uses OpenSSL versions from the 0.9.8 branch, which do not have the vulnerability.
The RAD-Series RADIUS Server uses OpenSSL libraries for certificate-based authentication methods such as EAP-TLS, TTLS and PEAP. It also uses OpenSSL libraries to encrypt communications with other systems using protocols such as LDAPS. In cases where LDAPS is used, the system hosting the LDAP directory should also be checked for the Heartbleed vulnerability. The RAD-Series Server Manager uses Apache Tomcat. Configured as presented in the Interlink Networks AAA Server Administrator’s Guide, the Server Manager secures HTTPS communications using JSSE, not OpenSSL, and is therefore not affected by the OpenSSL Heartbleed bug.